In a new report from cloud security leader, Zscaler, Australia was listed as one of the top 10 countries identified as the main origins of phishing attack between January and December 2023, due to a 479% year-over-year surge in the volume of phishing content hosted in the country. 

Overall, 2023 proved a significant year for phishing activity in Australia. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch service recorded nearly 109,000 reports of phishing-related scams, resulting in losses totaling $26.1 million.

In the Asia Pacific Japan region, India leads in Phishing attacks, with Australia following closely behind with over 29 million attacks. The report revealed that in the APJ region, Australia encountered 12.32% of phishing attempts and experienced a surge of 479.3% in the volume of phishing content hosted in Australia.  

ThreatLabz data revealed a global year-over-year increase of nearly 60% in phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deepfake phishing.

Zscaler area vice president for ANZ, Eric Swift said, “The potential of AI is reshaping the cyberthreat landscape and redefining what is possible in the world of cyberattacks, particularly phishing scams. Phishing remains a persistent threat and with the emergence of new technologies, it is crucial organisations understand the best practices to protect against phishing threats. The findings show a proactive zero trust approach with advanced AI-powered capabilities is imperative to address evolving threats.” 

ThreatLabz researchers identified enterprise brands such as Microsoft, OneDrive, Okta, Adobe and SharePoint as prime targets for impersonation due to their widespread usage and the value associated with acquiring user credentials for these platforms. Microsoft (43%) emerged as the top imitated enterprise brand in 2023, with its OneDrive (12%) and SharePoint (3%) platforms also ranking in the top five brands.

How a Zero Trust architecture can mitigate phishing attacks 

Organisations can implement a Zero Trust architecture with advanced AI-powered phishing prevention controls to effectively defend against the ever-evolving threat landscape highlighted in the report.

The Zero Trust Exchange platform helps prevent conventional and AI-driven phishing attacks by: 

  • Preventing compromise: TLS/SSL inspection at scale, AI-powered browser isolation and policy-driven access controls prevent access to suspicious websites. 
  • Eliminating lateral movement: Users connect directly to applications, not the network, while AI-powered app segmentation limits the blast radius of a potential incident. 
  • Shutting down compromised users and insider threats: Inline inspection prevents private application exploit attempts, and integrated deception capabilities detect the most sophisticated attackers. 
  • Stopping data loss: Inspection of data in-motion and at-rest prevents potential theft by an active attacker.