The annual ThreatLabZ report identifies phishing-as-a-service as the reason for the cross-industry increase in attacks worldwide
Zscaler, Inc. (NASDAQ: ZS), a leading provider of cloud security, today released the results of its ThreatLabZ Phishing Report 2022, which evaluated twelve months of global phishing data from the Zscaler Security Cloud to identify key trends, industries and regions targeted by attackers, as well as new tactics. Data from more than 200 billion daily transactions and 150 million daily blocked attacks were analyzed to reveal new threat patterns. This year’s report shows a significant 29 percent increase in phishing attacks compared to the previous year, with retail and wholesale companies bearing the brunt of the increase. The report highlights an increasing reliance on phishing-as-a-service methods and new attack paths in the form of SMS phishing, which have become one of the most common methods of penetrating systems.
The results at a glance
- Phishing increased by 29 percent worldwide to a new high of 873.9 million attacks observed in the Zscaler™ Cloud last year
- Retail and wholesale has been the most affected industry, with an increase in phishing attacks of over 400 percent in the last 12 months
- The United States, Singapore, Germany, the Netherlands and the United Kingdom were the most frequent targets of phishing scams
- New phishing vectors, such as SMS phishing, are increasing faster than other methods, as end users become more wary of suspicious emails
- The increasing phishing activities are directly related to phishing-as-a-service, as ready-made attack tools lower the technical barriers to entry for criminals
Deepen Desai, CISO and VP Security Research & Operations at Zscaler
“Phishing attacks are hitting businesses and consumers with alarming frequency, complexity and scope, and the increase in phishing-as-a-service is making it easier than ever for less savvy actors to launch successful attacks. Our annual study shows that phishing is increasingly being used as a starting point to spread ransomware or steal sensitive data,” explains Deepen Desai, CISO and VP of Security Research and Operations at Zscaler. “To protect against modern phishing attacks, companies must use a multi-pronged defense strategy anchored in a cloud-native zero trust platform. Full SSL inspection with AI and machine learning-based detection help to stop the most sophisticated phishing attempts and phishing kits. Preventing lateral propagation in the network and integrated deception of attackers help to limit the radius of action of hijacked users. In addition, controls to block newly registered domains and the introduction of an inline DLP solution can help protect against data theft.”
Phishing has always been one of the most widespread cyber threats, using various methods of data theft. One of the reasons for the increase in this type of attack is the low technical barrier to entry. Criminals use current events, such as the COVID-19 pandemic or cryptocurrencies, as a hook to get unsuspecting victims to give out confidential data in the form of passwords, credit card information and login data. The ThreatLabZ Phishing Report 2022 once again makes it clear that well-known brand names or current events are used as bait. The top phishing targets in 2021 included productivity tools, illegal streaming sites, shopping sites, social media platforms, financial institutions and logistics services.
A global problem
In 2021, the US was the most attacked country in the world with over 60 percent of all phishing attacks blocked by the Zscaler Security Cloud. This is followed by Singapore, Germany, the Netherlands and Great Britain.
Phishing attacks have not been observed to the same extent in all countries. In the Netherlands, the number of phishing attacks decreased by 38 percent, which may be due to recently adopted legislation that increased penalties for online fraud.
The phishing attacks were not evenly distributed across the different industries. Retail and wholesale companies recorded the most significant increase in phishing attempts, at more than 400 percent. This was followed by the financial and public sectors, where attacks increased by over 100 percent on average. However, some industries also experienced a decrease in phishing attacks last year. Attacks in the healthcare sector decreased by 59 percent and in the service sector by 33 percent.
Phishing-as-a-Service – the growing threat
While phishing has long been one of the most common cyberattack tactics and uses sophisticated methods, actors without technical skills are also increasingly gaining access to the necessary tools. In the underground, the marketplace for attack frameworks and services is growing. By selling or renting ready-made phishing tools and services on the Dark Web, criminals facilitate the spread of phishing scams on a large scale, thereby increasing the likelihood of a further increase in phishing activities.
Fend off phishing attacks
According to the Zscaler ThreatLabZ research team, an average company receives dozens of phishing emails every day. Employees at all levels should be trained to detect the most common phishing tactics so that they recognize these attempts and help to avert financial damage to the company and harm to its reputation.
Although it is impossible to completely eliminate the risk of phishing attacks, effective security management can prevent business-critical information from falling into the hands of hackers. The following measures can help to contain the danger:
- Develop an understanding of the risks posed by phishing in order to make informed decisions about policies and technologies
- Use automated tools and intelligence to reduce phishing incidents
- Train employees to strengthen security awareness and to report suspicious activity
- Simulate phishing attacks to detect gaps in security policies and procedures
- Evaluate the security infrastructure in order to be able to use the latest research and system functions
The Zscaler Zero Trust Exchange™ platform helps to minimize risk
The Zscaler Zero Trust Exchange integrates security controls to prevent phishing in a holistic zero trust architecture that interrupts every phase of attacks and minimizes the damage. This includes the following range of functions:
- Prevention of compromise through full SSL inspection, threat analysis with natively integrated intelligence and IPS signature detection, AI/ML for phishing detection and policy-defined high-risk URL categories that are often used for phishing, such as newly registered domains.
- Preventing lateral movement by connecting users directly to applications, and not to the network, so that the radius of action of a potential incident can be limited.
- Detecting compromised users and insider threats with inline checking and built-in deception features to detect attackers.
- Preventing data loss by checking data in motion and at rest to prevent theft by an active attacker.
The full report is available for download at ThreatLabZ 2022 Phishing Report.
The ThreatLabZ team evaluated data from January 2021 to December 2021 from the Zscaler Security Cloud, which monitors over 200 billion transactions worldwide every day.