A new threat report released by cloud provider security Zscaler is finding alarming trends in the growth of phishing attacks in 2022.
The report – compiled from data including 280 million transactions and a review of eight billion blocked attacks – finds a 47 percent increase in 2022 of phishing attacks, and says that attackers have been utilizing newer tools including AI to attack vulnerable organizations.
“Phishing scams are a growing threat, and cybercriminals’ methods are becoming increasingly sophisticated, making them harder to detect and block,” the report says.
The report highlights that growth in attacks on the education sector has swelled more than five-fold.
It also finds that attackers have moved away from exploits tied to the coronavirus pandemic. “COVID-themed brand attacks accounted for 7.2 percent of phishing scams in 2021, while they dropped to just 3.7 percent in 2022,” states the report.
The report finds that the “US is once again the most targeted country for phishing attacks, a position it has always held – [with] more than 65% of all phishing attempts [occurring] in the” United States.
Some of the most commonly used tactics include the use of SMS phishing – which employs voicemail-related phishing (Vishing) to attract victims into opening up malware attachments. Other often-seen tactics include the use of Sophisticated Adversary-in-Middle (AiTM), which can help hackers bypass multifactor authentication security measures.
In light of these trends, Zscaler is urging organizations to start “Implementing continuous security awareness training and [conduct] regular phishing simulations.” The report concludes that people should look out for the following to avoid falling to phishing scams:
- Suspicious sender addresses;
- Generic greetings and signatures;
- Spoofed hyperlinks and websites;
- Spelling and layout; and
- Suspicious attachments.