SlashNext analyzed billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks —a 61% increase in the rate of phishing attacks compared to 2021. 


The SlashNext State of Phishing Report for 2022 findings highlights that previous security strategies, including secure email gateways, firewalls, and proxy servers, are no longer stopping threats, especially as bad actors increasingly launch these attacks from trusted servers and business and personal messaging apps.


Key findings of the report include:

  • Cybercriminals are moving their attacks to mobile and personal communication channels to reach employees. SlashNext recorded a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
  • In 2022, SlashNext detected an 80% increase in threats from trusted services such as Microsoft, Amazon Web Services or Google, with nearly one-third (32%) of all threats now being hosted on trusted services.
  • 54% of all threats detected by SlashNext in 2022 were zero-hour threats, showing how hackers are shifting tactics in real-time to improve success
  • 76% of threats were targeted spear-phishing credential harvesting attacks
  • The top 3 attack sectors are Healthcare, Professional and Scientific Services, and Information Technology.


Current security tools and processes like security awareness training and reputation-based and relationship graph technologies cannot keep pace with many of these new attack trends, according to SlashNext. Organizations must move from traditional security practices and last-generation tools to a modern security strategy, including robust AI phishing controls that address all variations of phishing attacks and provides a broad range of protections.


Mika Aalto, Co-Founder and CEO at Hoxhunt, believes organizations should consider phishing training platforms that use artificial intelligence (AI) to automate the personalization and execution of personalized training based on the person’s role and risk profile to effectively change the behaviors of their employees. “Training people using the same template or requiring manual customization from the IT security teams have proven not to be effective. Moving away from failure focused measurement approaches to engaging the people who miss or succeed in training dramatically increases engagement,” Aalto says. 


“Gamified learning is a completely different animal than what we traditionally associate with education. However, it’s one we need to embrace because the online threat landscape is a completely different jungle that never stops changing,” Aalto adds. “Behavioral cybersecurity learning models are about acquiring lifelong instincts and habits, not short-term quiz knowledge on yesterday’s threats. In practice, that means people learn to actually report suspicious emails out of habit rather than click on malicious links out of curiosity.”