Phishing attacks up 50%, education sector most targeted

Phishing attacks rose nearly 50 per cent in 2022 compared to 2021 and education was the most targeted industry, with attacks increasing by 576 per cent, a report showed on Tuesday.

Other sectors that faced the brunt were finance and government, while 2021's top target, retail and wholesale, dropped by 67 per cent, according to cloud security leader Zscaler.

The top five most targeted countries were the US, the UK, the Netherlands, Canada and Russia.

Top targeted brands include Microsoft, Binance, Netflix, Facebook, and Adobe, said the report.

"Threat actors are leveraging phishing kits and AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale", said Deepen Desai, Global CISO and Head of Security, Zscaler.

AI tools like ChatGPT and Phishing Kits have significantly contributed to the growth of phishing, reducing the technical barriers to entry for criminals and saving them time and resources.


The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle attacks, increased use of the InterPlanetary File System (IPFS), as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT.

Vishing, or voicemail-themed phishing campaigns, have evolved from SMS or SMiShing attacks.

Attackers are using real voice snippets of the executive team in these vishing attacks by leaving a voicemail of these pre-recorded messages.


Then, recipients are pressured into taking action, like transferring money or providing credentials. Many US-based organisations have been targeted using Vishing attacks.

Recruitment scams on LinkedIn and other job recruiting sites are also on the rise, said the report.

Microsoft was once again the most imitated brand of the year, accounting for nearly 31 per cent of attacks as the attackers phished for access to various Microsoft corporate applications of the victim organisations. -IANS