These are the sectors that suffered the most phishing attacks in 2023

Phishing remains one of the most well-known forms of fraud. Companies understand what it entails and how it typically manifests. However, the negative consequences for corporate stability and the financial losses it causes continue to grow alarmingly. 

P

hishing, defined as the cybercrime that deceives users into revealing confidential information, saw an alarming increase in 2023. According to the 2024 Phishing Report by Zscaler ThreatLabz, the financial and insurance industries suffered the highest number of such attacks, accounting for 27.8% of all phishing attacks. This figure represents an astounding 393% increase from the previous year, highlighting their particular vulnerability. The study provides a comprehensive analysis of this phenomenon, examining 2 billion blocked phishing transactions. 

Geographical distribution of phishing attacks 

The report also reveals an uneven geographical distribution of attacks. North America was the most affected region, with over half of all phishing attempts. It was followed by EMEA (Europe, Middle East, and Africa) and India. By country, the most targeted were the United States (55.9%), the United Kingdom (5.6%), and India (3.9%). 

The high incidence in the United States is due to a confluence of factors creating an ideal environment for cybercriminals’ malicious activities. Firstly, the country has one of the most advanced digital infrastructures in the world, which translates to widespread internet connectivity and high adoption of digital platforms. This extensive digital penetration, while offering numerous benefits, also exposes a greater number of users to potential online threats. 

The second determining factor is the large population, with a high percentage of regular internet users, making it an attractive target for cybercriminals as it increases the chances of finding potential victims for their scams. 

Finally, the widespread adoption of online financial transactions has created a conducive environment for fraud. Cybercriminals exploit the trust that users place in digital platforms to steal confidential information and carry out illegal transactions. 

Increase in vulnerable sectors 

Beyond the financial sector, the report highlights a significant increase in other sectors. For instance, the manufacturing industry experienced a 31% rise in phishing attacks from 2022 to 2023. This increase reflects growing awareness of the sector’s vulnerability as manufacturing processes become more reliant on digital systems and interconnected technologies like IoT/OT (Internet of Things/Operational Technology). 

The reliance on digital financial platforms by the financial and insurance sectors provides ample opportunities for malicious actors to conduct phishing campaigns. These platforms often contain sensitive information such as banking data and access credentials, making them highly attractive targets. 

The increase in the manufacturing sector is attributed to the growing dependence on digital systems and interconnected technologies. As the industry digitises, cybercriminals seek to exploit vulnerabilities in these systems to gain unauthorised access or cause disruptions in operations. 

Spoofed brands: Microsoft remains the favourite 

Security researchers identified brands such as Microsoft, OneDrive, Okta, Adobe, and SharePoint as prime targets for phishing attacks, marked by their widespread use and vast repositories of highly valuable information. 

Microsoft (43%) emerged as the most impersonated enterprise brand in 2023. Its platforms OneDrive (12%) and SharePoint (3%) also ranked among the top five, illustrating the profitability for cybercriminals in exploiting Microsoft’s extensive user base. 

Common phishing methods 

Cybercriminals employ various methods to carry out phishing attacks, and it is crucial to be aware of these to identify and protect against them. Despite this, the most affected sectors continue to bolster their security systems to protect every entry point. Let’s review the most common methods. 

• Fraudulent Emails. Phishing emails often come from fake or spoofed email addresses that appear legitimate, such as those from banks, utility companies, senior executives, or online businesses. These emails typically contain urgent or alarming messages that pressure the user to act immediately, such as clicking a link or opening an attachment, which can expose personal data or allow manipulation of devices and accounts. 

• Deceptive text messages (Smishing). Smishing involves sending fraudulent SMS messages that seem to come from a legitimate organisation. These messages, like phishing emails, often contain links or phone numbers for the user to respond to. Once the user interacts, cybercriminals can obtain confidential information or direct them to a fake website. 

• Fake websites (Pharming). Pharming involves redirecting web traffic from a legitimate website to a fake site created by cybercriminals. These fake websites often look similar to the real site, deceiving users into entering their personal information or access credentials. 

• Deceptive phone calls (Vishing). Vishing involves fraudulent phone calls that appear to come from a legitimate organisation, such as a bank or utility company. Cybercriminals often pose as company employees, requesting confidential information or pressuring the user to make payments or money transfers. 

• Fraudulent QR Codes (QRishing). The rise of QR codes has led to their use in phishing. Cybercriminals create fake QR codes that, when scanned, direct the user to a malicious website. These QR codes can be found in public places such as posters or brochures 

• Deepfakes. Another method highlighted in the report mentioned at the beginning of the article, which has seen an exponential increase alongside vishing. Deepfakes add a layer of realism and credibility to phishing attacks. They are used to impersonate real people, such as company executives or authority figures. Through deepfake videos or audios, cybercriminals can create false scenarios in which the impersonated person requests the user to perform actions such as transferring money, revealing confidential information, downloading malware, or obtaining personal data like account numbers or passwords. 

TrustCloud’s Zero Trust approach: A strong commitment to security 

Fortunately, there are measures to mitigate these attacks, and companies have increasingly more information about various tactics and how to counteract their effects. A security approach based on Zero Trust can be an effective tool. The Zero Trust architecture is based on the principle of “never trust, always verify”, meaning continuous authentication is required to access resources, regardless of whether the user is inside or outside the corporate network. At TrustCloud, for example, we implement Cloudflare as a Zero Trust Network Access (ZTNA) tool for granular access control. 

Zero Trust functions as a robust shield that protects users and organisations from attacks that seek to steal confidential information, spread malware, or disrupt operations. 

Moreover, we combine this solution with Area 1 email protection, creating a layered defence strategy that makes it difficult for cybercriminals to infiltrate our systems. 

One of Area 1’s main weapons is link isolation. This revolutionary feature neutralises malicious links embedded in emails. When a link is clicked, Area 1 isolates it in a secure environment and executes it without exposing the user’s device or the corporate network to potential threats. The user can safely view the website’s content while Area 1 analyses the page for suspicious activity. 

Area 1 employs sophisticated machine learning algorithms to detect and block phishing emails with unmatched precision. It analyses various elements such as the sender, message content, links, and images to identify patterns indicating phishing attempts. Suspicious emails are automatically blocked, preventing them from reaching users’ inboxes and compromising their security. 

Emails are often used as vectors to spread malware. Area 1 incorporates powerful malware scanners that analyse attachments for malicious code. If malware is detected, the file is blocked, preventing it from infecting devices or the network. It also protects against the accidental or intentional loss of confidential data. Area 1’s DLP solution automatically identifies and blocks the transmission of sensitive information, such as financial data, personal information, or intellectual property, via email. 

Area 1 is deployed as a native cloud solution, offering several advantages. It is easy to implement and manage without needing to install software on user devices. Additionally, it automatically scales to adapt to the organisation’s changing needs. 

Continuous training and awareness in the most affected sectors: keys to battling phishing 

TrustCloud also emphasises comprehensive awareness and training programs, as well as developing gamification activities to keep its team as prepared and up to date as possible. 

Phishing remains a considerable threat to the digital security of individuals and companies. The Zscaler ThreatLabz report highlights the alarming increase in phishing attacks, especially in the financial and insurance sectors, although no industry that relies on digital platforms is immune to this phenomenon. It is crucial for companies and users to be aware of phishing tactics and adopt robust security measures to protect themselves. 

Contact us and protect your company from phishing dangers