Phishing scams are becoming increasingly complex due to the proliferation of tools accessible to cybercriminals. Artificial intelligence (AI) has further complicated matters by enabling more sophisticated, large-scale phishing campaigns. Specifically, generative AI (genAI) has empowered cybercriminals to analyze vast datasets and customize their attacks to mimic legitimate sources.
A new Zscaler ThreatLabz 2024 Phishing Report uncovered a significant increase — nearly 60 percent year-over-year — in global phishing attacks, primarily attributed to genAI-driven phishing schemes. Zscaler’s ThreatLabz team analyzed over two billion phishing transactions across the Zero Trust Exchange (ZTE) cloud security platform, which identifies and blocks phishing attempts. For 12 months (January to December 2023), ThreatLabz examined the evolving threat landscape and identified current trends in cybersecurity.
North America continues to take the brunt of phishing attacks
The findings revealed that North America experienced more than half of all phishing attacks in 2023, with the U.S. accounting for 55.9 percent of these attempts. Other countries with high phishing activity were the U.K. (5.6 percent), India (3.9 percent) and Germany (2.8 percent). Phishing attacks were most often launched from the U.S., the U.K. and Russia, with Australia seeing a 479 percent increase in hosted phishing content.
Phishing affects all industries, exploiting the human element as a common vulnerability. The finance and insurance sector experienced the highest number of phishing attempts, with attacks increasing by 393 percent from the previous year. Meanwhile, manufacturing saw a 31 percent uptick in phishing attacks. These two sectors and the technology sector, where attacks surged by 114 percent, are leading adopters of AI tools. Together, the sectors accounted for 35 percent of AI/machine learning (ML) transactions on the ZTE.
Cybercriminals often exploit trusted domains to deceive victims. Understanding where malicious web traffic comes from can help trace the attack chain and provide security teams with valuable insights. When analyzing the top referring domains in 2023, ThreatLabz found cybercriminals exploit vulnerabilities in a website’s redirect function to mislead users into visiting malicious sites. This strategy lets attackers send emails with links to legitimate sites while hiding the phishing sites’ real addresses.
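A defender can surface this redirect abuse by checking whether a link's query parameters carry a destination on a different host than the one the link appears to point at. The following Python sketch is an added example, not taken from the ThreatLabz report; the function names, the `.example` hosts and the sample links are constructed for illustration, and same-site matching is simplified to a host-suffix comparison.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

def _decode(value, rounds=3):
    # Undo nested percent-encoding, which hides the target from simple string matching.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def _same_site(a, b):
    # Assumption: hosts are same-site when one equals or is a subdomain of the other.
    # A production check would compare registrable domains via the Public Suffix List.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def offsite_redirect_targets(link):
    """Return [(param, target_host)] for query values that send the browser off-site."""
    parts = urlsplit(link)
    origin = (parts.hostname or "").lower()
    findings = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        # Browsers treat "\" like "/", so normalise before parsing.
        value = _decode(raw).strip().replace("\\", "/")
        if not value.lower().startswith(("http://", "https://", "//")):
            continue  # relative paths stay on the linking site
        target = (urlsplit(value).hostname or "").lower()
        if target and not _same_site(target, origin):
            findings.append((name, target))
    return findings

# Constructed sample links (not real indicators).
SAMPLE_LINKS = [
    "https://portal.trusted.example/out?url=https%3A%2F%2Flogin.phish.example%2Fsignin",
    "https://portal.trusted.example/r?next=https%253A%252F%252Fphish.example%252F",
    "https://portal.trusted.example/r?to=%5C%5Cphish.example%2Fx",
    "https://portal.trusted.example/r?next=%2Faccount%2Fhome",
    "https://portal.trusted.example/r?next=https%3A%2F%2Fhelp.portal.trusted.example%2F",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", offsite_redirect_targets(link) or "no off-site redirect")
```

The same comparison, applied on the server side as an allowlist for the redirect parameter, is what closes the open redirect on the trusted site itself.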
Big brands most likely to be phishing bait
Popular brands like Microsoft, OneDrive, Okta and Adobe are frequent targets for impersonation because they’re widely used in the enterprise. Since the shift to remote work in 2020, these brands have become even more attractive to cybercriminals. According to the report, Microsoft was the most impersonated brand (43 percent) in 2023, with its OneDrive (12 percent) and SharePoint (3 percent) platforms also ranking in the top five.
ThreatLabz researchers also analyzed the autonomous systems responsible for hosting phishing infrastructure to find the origin of cyber threats. An autonomous system is a network or group of networks with a single routing policy identified by a unique autonomous system number (ASN). The analysis revealed important information about the distribution of ASNs. For example, internet service providers (ISPs) accounted for most ASNs, followed by hosting providers and businesses that operate their internal networks.
Phishing leverages social media for more exploits faster
Not surprisingly, social media platforms are being exploited globally. Telegram saw nearly 793,000 phishing hits due to its end-to-end encryption and user privacy focus. Facebook had over 532,000 phishing hits, with attackers leveraging its large user base for phishing campaigns and identity theft. WhatsApp’s messaging focus led to nearly 379,000 phishing hits, often involving unauthorized access, malware distribution, or social engineering. Instagram faced over 231,000 phishing hits, with threats like account hijacking and spreading malicious links. X (formerly Twitter) and Snapchat also faced security challenges, with threats including account breaches and malicious content distribution.
Cybercriminals leverage AI tools to automate and personalize different parts of the attack process, making it harder to detect. For instance, chatbots can generate convincing phishing emails, while advanced AI services and voice cloning help attackers impersonate reputable organizations or individuals. Such attacks exploit multiple communication channels, including emails, phone calls, SMS and messaging apps.
Generative AI gives rise to deepfake phishing
The growing popularity of generative AI tools has contributed to deepfakes, which use AI to create highly realistic audio or video content that imitates real people. They’re generated using algorithms and neural networks that analyze and learn from large amounts of data, such as images and videos of a specific individual. Deepfakes can cause organizations significant financial losses. In one case, a finance worker was tricked into transferring $25 million to cybercriminals who used a deepfake to impersonate a colleague during a video call.
Vishing, or voice phishing, is also on the rise. It involves using phone calls and voice messages to deceive individuals into providing sensitive information. Attackers use familiar or authoritative voices to gain trust. Vishing campaigns have become more sophisticated, with attackers exploiting psychology and technology to defraud victims of millions of dollars. A notable case in South Korea involved scammers impersonating law enforcement officials, leading to a loss of $3 million in cash, insurance, stocks, and cryptocurrency.
Zscaler predicts it gets worse before it gets better
In 2024-2025, Zscaler anticipates a surge in vishing attacks spearheaded by malware groups. With the widespread adoption of generative AI, cybercriminals will use the technology to craft more advanced phishing schemes. At the same time, security vendors will integrate AI into their products to enhance threat detection and response. This double-edged sword is expected to become a key aspect of the cybersecurity landscape.
Zscaler also predicts an increase in phishing kits that include sophisticated adversary-in-the-middle (AiTM) techniques, localized phishing content, and target fingerprinting, largely enabled by AI. Attackers will likely use bots to automate illegal activities, from generating phishing pages to collecting sensitive data. These advancements will allow cybercriminals to conduct high-volume phishing campaigns that evade security protections at enterprise scale.
Zscaler recommends implementing the following best practices to safeguard against evolving threats in enterprise environments:
- Email scanning: Use cloud-based filtering to scan incoming emails in real-time and block suspicious content, attachments, and links before they reach user inboxes.
- Awareness and reporting: Educate employees about phishing risks, and establish a comprehensive response plan for investigating and reporting incidents.
- Multifactor authentication (MFA): Implement MFA to add layers of security beyond passwords, but be aware that MFA can be targeted through SMS and voice phishing.
- Encrypted traffic inspection: Inspect all traffic to thwart phishing attempts since most attacks use encrypted channels.
- Antivirus software and threat protection: Keep antivirus software updated to detect and block malicious files. Employ advanced threat protection like AI-powered inline sandboxes to isolate and analyze suspicious files.
- URL filtering and patching: Use policy-based URL filtering to reduce exposure to high-risk web content. Regularly patch applications, operating systems, and security tools to minimize vulnerabilities.
- Zero-trust architecture: Adopt a zero-trust approach to limit the attack surface and prevent movement within networks. This involves granular segmentation, least-privileged access, and continuous traffic monitoring.
- Threat intelligence feeds: Integrate threat intelligence feeds with security tools to enhance detection capabilities and stay informed on emerging threats.
Organizations of all sizes can stay vigilant against evolving phishing threats by adopting these security measures, especially as AI-driven attacks become more complex and widespread.