India ranks third globally for phishing attacks in 2023

Zscaler, a cloud security firm, has revealed in its recently published ThreatLabz 2024 Phishing Report that India stood as the third-largest country around the world for phishing attacks in 2023, with the technology sector being the most targeted industry facing close to 33% of all attacks.

The in-depth report, which analysed more than two billion blocked phishing transactions across Zscaler's Zero Trust Exchange platform from January to December 2023, disclosed that the top five countries targeted by phishing attacks were the US, UK, India, Canada, and Germany. Phishing attempts in India surpassed 79 million, marking it as the most targeted country in the Asia Pacific and Japan markets, accounting for 33% of phishing attempts in the region.

According to the report, phishing has become increasingly sophisticated with threat actors leveraging advanced techniques such as AI-driven voice phishing (vishing) and deepfake phishing. Deepen Desai, CSO and Head of Security Research, underlined the significance of the report's insights for forming strategies and reinforcing phishing defences, saying, "These findings emphasize the need for organizations to adopt a proactive layered approach that integrates a robust zero trust architecture with advanced AI-powered phishing prevention controls to effectively counteract these evolving threats."

Sudip Banerjee, Chief Technology Officer, Asia Pacific & Japan at Zscaler, stated that the "escalation in numbers and sophistication of phishing attacks in the nation" is a result of the advancement of the digital infrastructure in India and widespread internet and online financial transactions use. At the same time, around 55.9% of phishing scams targeted the United States, with the UK coming second at 5.6% and India third at 3.9%, according to the data recorded on the Zscaler cloud in 2023.

The ThreatLabz report revealed that the finance and insurance sector globally saw the highest number of phishing attempts, registering a 393% increase in attacks from the previous year. However, in India, the technology sector witnessed the most attacks, contributing to nearly one-third of all phishing attacks observed in the country.

Regarding brand impersonation in phishing attacks, the study found that Microsoft, the most imitated brand, was targeted in 43.1% of phishing attempts. The OneDrive and SharePoint platforms, both Microsoft-owned enterprises, were also among the top-five imitated enterprise brands. Zscaler's ThreatLabz recommends adopting a Zero trust architecture integrated with advanced AI-powered phishing prevention controls to effectively defend against the evolving threat landscape highlighted in the report.

The surge of phishing attack volumes from countries such as the US, the UK, and Russia, and significant growth in Australia – which saw a year-over-year increase of 479% – hosted phishing content. As a response, various countermeasures, including the implementation of the Digital Personal Data Protection Act by the Indian government, are being developed to help avoid such attack vectors.