According to the FBI Internet Crime Complaint Center (IC3), phishing attempts are the most-reported type of cyberattack. With a 29% increase in phishing attacks compared to previous years, the retail and wholesale sector has been highly targeted.
The 2022 ThreatLabz Phishing Report from Zscaler reviews 12 months of global phishing data from the organization's security cloud to identify key trends, industries and geographies at risk, and emerging tactics. The researchers analyzed data from more than 200 billion daily transactions and 150 million daily blocked attacks in order to identify emerging threats and track malicious actors from across the globe.
Current trends in phishing
Cybercriminals use current events, such as the COVID-19 pandemic, cryptocurrency or the Russian invasion of Ukraine, to convince unwitting victims to hand over confidential data, such as passwords, credit card information and login credentials.
The report found that phishing attacks lure victims by posing as top brands or promoting topical events. The top phishing themes in 2021 included categories such as productivity tools, illegal streaming sites, shopping sites, social media platforms, financial institutions, and logistical services.
Phishing attacks were also not evenly distributed across different industries. Retail and wholesale businesses experienced an increase of over 400% in phishing attempts — the most out of all tracked industries. These businesses were followed by financial and government sectors, with organizations in these industries seeing over 100% increases in attacks on average. However, some industries experienced partial relief from phishing attacks last year. Healthcare saw a notable drop of 59%, while the services industry saw a decline of 33%.
Preventing successful phishing attacks
Facing the cybersecurity threat of phishing can be daunting, and while it's impossible to eliminate phishing risk, effective management can prevent business-critical information from falling into the hands of cybercriminals. Security leaders can employ the following tactics for countering phishing growth:
- Learning and understanding the risks posed by phishing to better inform policy and technology decisions
- Delivering timely employee training to build security awareness and promote user reporting
- Simulating phishing attacks to identify gaps in security policies and procedures
- Evaluating security infrastructure to ensure access to the latest research and system capabilities
For more information, download the report.