Australia among top 10 sources of phishing attacks in global report
In 2023, Australia emerged as one of the top ten countries identified as the main origin of phishing attacks, according to the recently released Zscaler ThreatLabz 2024 Phishing Report. The report, based on the analysis of 2 billion blocked phishing transactions across the Zscaler Zero Trust Exchange platform, offers a comprehensive look into the evolving landscape of phishing threats.
The Australian Competition and Consumer Commission's (ACCC) Scamwatch service recorded nearly 109,000 reports of phishing-related scams over the year, culminating in losses of AUD $26.1 million. The number of phishing attacks launched from Australia saw an alarming increase, with the country experiencing a 479.3% surge in the volume of hosted phishing content.
Australian manufacturing industries were identified as the primary target, registering 5,984,195 phishing attacks between January and December 2023. Following closely behind was the services sector, which saw 5,776,337 attacks. Other sectors such as Technology, Government, Education, Finance and Insurance, and Retail and Wholesale were also heavily targeted.
The report highlighted the rising trend of AI-driven phishing attacks, noting a global year-over-year increase of nearly 60% in such activities. Techniques leveraging generative AI, including voice phishing (vishing) and deepfake phishing, have become more prevalent as attackers utilise these sophisticated technologies to enhance their social engineering strategies.
Eric Swift, Area Vice President, ANZ at Zscaler, said, "The findings show 29,427,987 attempts of phishing in Australia alone, emphasising the widespread threat posed by this type of attack. Phishing remains a persistent threat and with the emergence of new technologies, it is crucial organisations understand the best practices to protect against phishing threats. The findings show a proactive zero trust approach with advanced AI-powered capabilities is imperative to address evolving threats."
Globally, North America accounted for more than half of all phishing attacks, with the majority originating from the United States, the United Kingdom, and Russia. Australia entered the top 10 due to the substantial year-over-year increase in hosted phishing content. The US led the list with 55.9% of phishing attempts, followed by the UK (5.6%) and India (3.9%).
The financial and insurance sector, in particular, experienced a nearly 400% increase in phishing attacks. This significant rise is attributed to the sector's heavy reliance on digital financial platforms, which present lucrative opportunities for threat actors. The manufacturing industry also saw a 31% increase in phishing attacks over the past year, reflecting the industry's growing vulnerability as processes become more digital and interconnected.
ThreatLabz researchers found that Microsoft remained the most impersonated brand in phishing attacks, with 43% of the incidents involving the company. Its OneDrive and SharePoint platforms were also among the top five brands exploited by cybercriminals. ANZ Banking Group was ranked eleventh among the top twenty enterprise brands imitated in phishing attempts.