New Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns

Phishing has been one of the greatest threats to organizations, growing year after year. Phishing attacks have contributed to 90% of data breaches in the past few years, which makes cybercriminals adapt to them, making their attacks much more successful.

Zscaler has published a report indicating an increase of 47.2% in global phishing attacks. These include smishing (SMS), Vishing (VoIP), emails, Adversary-in-the-middle (AiTM, used to bypass Multi-factor authentication), and Phishing-as-a-Service (PaaS)-based attacks.

Since the COVID-19 pandemic, businesses have adapted to remote working, giving threat actors a much larger attack surface to conduct their criminal activities.

Due to business purposes, organizations have been using several communication methods like email, SMS, voice communications, etc., 

However, cybercriminals target and exploit every communication method, resulting in ransomware attacks or data breaches. As per reports, the most targeted industries are 

  1. Education (25.1%)
  2. Finance and insurance (16.6%)
  3. Government (13.8%)
  4. Other (10.5%)
  5. Health Care (8.9%)
  6. Manufacturing (8.8%)
  7. Retail Wholesale (6.4%)
  8. Services (5.7%)
  9. Technology communication (4.1%)

Compared to 2022, attacks on the education industry have increased by a massive amount of 576%, whereas retail and wholesale have dropped by 67% compared to 2021.

Zscaler stated that these attacks are based on analyzing 280 billion everyday transactions and 8 billion blocked attacks.

Other targets include Microsoft (41.4%), OneDrive (23.4%), Sharepoint (5.1%), Binance (crypto exchange, 23.4%), and other illegal streaming services (6.7%).

Imitated brands

The report also stated that these threat actors had used phishing kits and chatbot AI tools like ChatGPT. AI tools are being manipulated into creating sophisticated phishing campaigns cybercriminals use to bypass several security measures.

Zscaler reports suggesting organizations implement a Zero-Trust policy to verify every network, user, application, and device before they are authorized to access sensitive data.

Building Your Malware Defense Strategy – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Zoom Workplace Apps Vulnerability Enables Malicious Script Injection Through XSS Flaws

A newly disclosed vulnerability in Zoom Workplace Apps (tracked as CVE-2025-27441 and CVE-2025-27442) allows attackers…

1 hour ago

Fortinet Warns of Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products

Fortinet has revealed and resolved several vulnerabilities within its range of products, such as FortiAnalyzer,…

2 hours ago

Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE Vulnerabilities

Ivanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple…

2 hours ago

Over 5,000 Ivanti Connect Secure Devices Exposed to RCE Vulnerabilities

Over 5,000 Ivanti Connect Secure devices remain vulnerable to a critical remote code execution (RCE)…

4 hours ago

CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively…

4 hours ago

Over 26,000 Dark Web Discussions Focused on Hacking Financial Organizations

Radware’s comprehensive research into the cybersecurity landscape has uncovered significant trends shaping the financial services…

4 hours ago