The data revealed a year-over-year increase of nearly 60 per cent in global phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing.
Zscaler, a cloud security platform, announced the release of the Zscaler Threat Labz 2024 Phishing Report, which analysed 2 billion blocked phishing transactions across the Zscaler Zero Trust ExchangeTM platform between January and December 2023. As per the report, in 2023, the United States, the United Kingdom, and India emerged as the top countries targeted by phishing scams.
India is among the top three targets for phishing attacks globally:
India experienced over 79 million phishing attacks, ranking as the third highest volume of phishing attempts recorded in the Zscaler cloud in 2023 (following the U.S. at 1.1 billion and the U.K. at 112.9 million). Moreover, it stands out as the most targeted country in the APJ region for phishing attempts, accounting for 33.12% of the total phishing attacks in the region.
“The advancement of the nation’s digital infrastructure, growing population of internet-connected users, and extensive use of online financial transactions have undoubtedly led to an escalation in the numbers and sophistication of phishing attacks in the nation,” said Sudip Banerjee, CTO, Asia Pacific & Japan at Zscaler.
Technology sector in India witnessed the highest number of phishing attacks:
The finance and insurance sector experienced the highest number of overall phishing attempts, amounting to a 393 per cent increase in attacks globally from the previous year. Reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.
Whereas in India, the technology sector saw the highest volume of attacks, accounting for almost 33 per cent of the phishing attacks observed in the country. Meanwhile, the manufacturing sector experienced the highest attacks in Australia, Korea, Malaysia, Singapore, and Taiwan, while the services sector was the top-targeted industry in Japan and Hong Kong.
The manufacturing industry also experienced a significant uptick (31 per cent) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry's vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT and OT, the risk of exploitation by threat actors seeking unauthorized access or disruption also grows.
Microsoft remains the most impersonated brand used in phishing attacks:
ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe, and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms.
Microsoft emerged as the top imitated enterprise brand in 2023, with its OneDrive and SharePoint platforms also ranking in the top five—serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base.