Phishing Operations Escalating As Threat Actors Utilize AI Tools

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Apr 18, 2023 05:49 am PST

In the latest ThreatLabz Phishing Report from zero trust security firm Zscaler, the number of phishing campaigns worldwide increased by about 50% in 2022 compared to 2021, partly because of new AI tools that threaten actors could access and phishing kits.

The US accounted for a startling 65% of all phishing attacks worldwide (up from 60% in 2021), though at a slower rate there than in Canada (up 718%), the UK (up 269%), Russia (up 19%), and Japan (up 92%).

Regarding industry type, attacks in the education sector increased by 576%, and those in the banking and government sectors, according to Zscaler, increased by 273%. Retail and wholesale, a previously heavily targeted industry, showed a 67% decrease in phishing assaults.

The April 18 report indicated that most current phishing attacks used stolen credentials and highlighted the growing threat of Adversary-in-the-Middle (AitM) assaults. The InterPlanetary File System (IPFS), a distributed peer-to-peer file system, is being used more. Black market phishing kits and AI tools like ChatGPT.

The development of phishing has been considerably aided by AI tools like ChatGPT and phishing kits, which have lowered the technological entry barriers for thieves and saved them time and resources. According to the paper, “large language models, such as ChatGPT, have made it simpler for cyber criminals to create harmful code, Business Email Compromise (BEC) assaults, and produce polymorphic malware that makes it more difficult for victims to recognize phishing.

Another Zscaler ThreatLabz discovery demonstrates how SMS phishing, also known as “smishing,” is now transitioning into more voicemail-related phishing, or “vishing,” which lures more victims into opening infected documents. The survey also noted an upsurge in job recruitment frauds on LinkedIn and other job search websites.

“Unfortunately, many large companies in Silicon Valley had to make the difficult decision to downsize in 2022. Cybercriminals used false job postings, websites, portals, and forms to lure job seekers. Victims would frequently undergo a lengthy interview procedure, with some being requested to buy items that would be refunded.

Zscaler’s global CISO and head of security, Deepen Desai, issued a public statement warning that while phishing attempts are on the rise, their sophistication is unprecedented.

“Year over year, the number of phishing assaults is rising and becoming more sophisticated. Threat actors are using phishing kits and AI tools to spread email, smishing, and vishing campaigns that are incredibly effective. The expert said that attackers could get through multi-factor authentication and other traditional security measures thanks to AitM attacks, which are enabled by the rise of phishing-as-a-service.

AI Tools Like ChatGPT Becoming Easy Target

Large language models like ChatGPT and new AI tools have made it simpler for cyber criminals to create harmful code, launch Business Email Compromise (BEC) attacks, and create polymorphic malware that makes it more difficult for victims to recognize phishing. IPFS, a decentralized peer-to-peer file system, lets users store and transfer files.

It is also increasingly being used by malicious actors to host their phishing pages. A phishing page stored on IPFS is far more challenging to remove due to the peer-to-peer nature of the network. A significant phishing campaign that uses adversary-in-the-middle attacks was just detected by ThreatLabz. AiTM attacks employ strategies that can defeat standard multi-factor authentication procedures.

Vishing, or phishing operations with voicemail themes, are a development of SMS or SMiShing attacks. By leaving a voicemail of these pre-recorded messages, attackers are exploiting authentic voice samples of the executive team in these vishing assaults. Recipients are then coerced into acting, such as sending money or supplying information. The Vishing assaults have been used to target numerous US-based companies.

Scams targeting job seekers are also becoming more prevalent on LinkedIn and other job search engines. Regrettably, several large companies in Silicon Valley had to make the difficult decision to downsize in 2022. To lure job seekers, cybercriminals used false job postings, websites, portals, and forms. Frequently, victims would go through a lengthy interview procedure, with some being requested to make purchases of materials for which they would subsequently be compensated.

Cybercriminals frequently have success posing as a well-known consumer and tech brands. Microsoft was the most mimicked brand of the year once more, accounting for close to 31% of attacks as attackers used phishing to acquire access to various Microsoft corporate applications used by the victim organizations. 17% of mimicked brand attacks targeted cryptocurrency exchange Binance, with phishers pretending to be fraudulent customer service agents from banks or P2P firms. The top 20 most copied and phished brands included well-known companies like Netflix, Facebook, and Adobe.


According to Zscaler’s research team, cybercriminals increasingly use generative artificial intelligence (AI) developments like OpenAI’s ChatGPT tool to perform more complex phishing attacks. The team discovered a nearly 50% rise in phishing assaults compared to 2021 after analyzing 280 billion daily transitions and 8 billion daily stopped attacks during 2022. In addition, the government, financial, and insurance sectors, as well as the education sector, were identified as the most targeted industries in 2022. The US, the UK, the Netherlands, Russia, and Canada were the top five most targeted nations. The research lists some brands most frequently replicated as Microsoft, Binance, Netflix, Facebook, and Adobe.

Because they can successfully resemble legitimate messages, these AI-driven phishing efforts are more challenging to spot and defeat, which increases the likelihood that victims would fall for the scams. For instance, the survey revealed an increase in bad actors who use vishing and recruiting scams to target job searchers. Researchers at Zscaler predict that threat actors will utilize AI tools more regularly to find fresh targets for phishing scams. Expect to see more sophisticated scams in various forms of communication, including websites, SMS, and email. Moreover, be ready for an increase in phishing efforts as criminals use AI tools to undertake more organized attacks on more significant populations.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x