Retail and wholesale at significant risk of phishing attacks
New research from Zscaler has found that many retail and wholesale environments are at significant risk, with a 400% increase in phishing attacks being reported in the last 12 months.
The 2022 ThreatLabz Phishing Report revealed that Phishing-as-a-Service was the key source of attacks across critical industries and consumers globally, with emerging phishing methods like SMS phishing found to be increasing faster than other methods as end-users become warier of suspicious emails.
As part of the research, Zscaler's ThreatLabz research team analysed data from more than 200 billion daily transactions and 150 million daily blocked attacks to help identify emerging threats and track malicious actors from across the globe. They found phishing attacks rose 29% globally to a new record of 873.9M attacks observed in the ZscalerTM cloud last year, with retail and wholesale taking up the largest percentage of attempted attacks.
Cybercriminals were also found to be exploiting current events and online methods, such as the COVID-19 pandemic or cryptocurrency, to implement phishing attacks and steal valuable user information.
Phishing has been seemingly determined as an easy access method for criminals as it is a low barrier for entry. Attackers were easily luring victims by posing as top brands or promoting topical events, making a significant impact on a variety of customer-centric industries.
Zscaler CISO and VP of Security Research and Operations Deepen Desai says the increase in phishing attacks for these industries is concerning, particularly as new methods and technology are developed at a rapid rate.
"Phishing attacks are impacting businesses and consumers with alarming frequency, complexity, and scope - with the rise in phishing-as-a-service making it easier than ever for non-sophisticated actors to launch successful attacks," he says.
"Our annual report highlights how cybercriminals continue to escalate their usage of phishing as a starting point to breach organisations to deliver ransomware or steal sensitive data.
He also says that companies need to think carefully about how they implement strategic security protocols and continue to follow the most up to date advice and research.
"To defend against advanced phishing attacks, organisations must leverage a multi-pronged defensive strategy anchored on a cloud native zero trust platform that unifies full SSL inspection with AI/ML-powered detection to stop the most sophisticated phishing attempts and phishing kits, lateral movement prevention and integrated deception to limit the blast radius of a compromised user, proactive controls to block high risk destinations such as newly registered domains that are often abused by threat actors, and in-line DLP to safeguard against data theft.
According to the Zscaler ThreatLabz research team, an average-sized organisation receives dozens of phishing emails every day, and the company says it takes everyone in the workplace to keep secure. They say it is imperative that employees at all levels should be aware of common phishing tactics and be empowered to spot phishing attempts that can result in financial losses and damage to the business brand.