AI-driven phishing attacks deceive even the most aware users

Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler.

AI automates and personalizes various aspects of the attack process

AI-driven phishing attacks leverage AI tools to enhance the sophistication and effectiveness of phishing campaigns. AI automates and personalizes various aspects of the attack process, making phishing even more challenging to detect. For example, chatbots are commonly used to craft highly convincing, error-free phishing emails.

By leveraging AI algorithms, threat actors can swiftly analyze vast datasets to tailor their attacks and easily replicate legitimate communications and websites with alarming precision. This level of sophistication allows phishers to deceive even the most aware users.

By eliminating spelling errors and grammatical mistakes, GenAI tools enhance the credibility of phishing communications. What’s more, GenAI can quickly create sophisticated phishing pages or extend its capabilities to generate malware and ransomware for secondary attacks.

“Phishing remains a persistent and often underestimated threat within the cybersecurity landscape, growing more sophisticated as threat actors harness cutting-edge advancements in generative AI and manipulate trusted platforms to intensify attacks,” said Deepen Desai, CSO and Head of Security Research.

“In this context, the latest ThreatLabz insights are more crucial than ever for informing our strategies and strengthening phishing defenses. These findings emphasize the need for organizations to adopt a proactive layered approach that integrates a robust zero trust architecture with advanced AI-powered phishing prevention controls to effectively counteract these evolving threats,” added Desai.

Countries that experienced the most phishing attempts

In 2023, the United States (55.9%), United Kingdom (5.6%) and India (3.9%) emerged as the top countries targeted by phishing scams. The high occurrence of phishing in the US is attributable to its advanced digital infrastructure, large population of internet-connected users and extensive use of online financial transactions.

Canada (2.9%) and Germany (2.8%) rounded out the top five countries that experienced the most phishing attempts. The majority of phishing attacks originated from the US, the UK, and Russia, while Australia entered the top 10 due to a 479% year-over-year surge in the volume of phishing content hosted in the country.

The finance and insurance sector experienced the highest number of overall phishing attempts, a 393% increase in attacks over the previous year. Reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.

The manufacturing industry also experienced a significant uptick (31%) in phishing attacks from 2022 to 2023, underscoring the growing awareness of the industry’s vulnerability. As manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT, the risk of exploitation by threat actors seeking unauthorized access or disruption also grows.

Microsoft remains the most imitated brand

ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms.

Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five—serving as lucrative targets for cybercriminals aiming to exploit Microsoft’s vast user base.

Adversary-in-the-middle (AiTM) attacks remain a persistent threat, and browser-in-the-browser (BiTB) attacks are now on the rise. These tactics directly target users in web browsers, making them more challenging to detect and mitigate.

Tech support scams and QR CAPTCHA scams were among 2023’s most prevalent attack types, exploiting users’ trust in tech support services and widespread use of QR codes.

For this report, Zscaler ThreatLabz analyzed 2 billion blocked phishing transactions between January and December 2023, exploring various aspects including the top phishing attacks, targeted countries, hosting countries for phishing content, distribution of company types based on server IP addresses, and the top referrers linked to these phishing attacks.
