IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Digital Transformation
#
Cloud Security
#
HCM

AI-driven phishing attacks surge against Australian targets in 2024

Yesterday
Author image
By Melania Watson, Interview Editor

Zscaler has released its ThreatLabz 2025 Phishing Report, detailing the increased use of artificial intelligence by cybercriminals and identifying Australia as one of the top ten most targeted countries.

According to the analysis of two billion blocked phishing attempts in 2024, there is a significant shift in cybercriminal tactics from widespread phishing emails to more sophisticated, AI-powered attacks aimed at specific business departments. Critical operations such as IT, human resources, finance, and payroll are now at the centre of focused campaigns, with attackers using AI to design more realistic and convincing phishing lures.

Phishing attempts have declined by 20% globally, attributed in part to the adoption of stricter email authentication standards.

However, attackers have adapted by launching more targeted campaigns, especially in regions with rapid digital adoption and less investment in security, such as Brazil, Hong Kong, and the Netherlands. Despite this, established targets like Australia, India, Germany, and the UK continue to experience consistent phishing activity as tactics evolve and adapt to local conditions.

Australia has been highlighted as the eighth most targeted country, with 30,250,352 phishing attempts recorded during 2024. Heng Mok, CISO-in-Residence, Asia Pacific & Japan at Zscaler, commented, "Australian organisations must remain vigilant to the evolving cyber threats that have become increasingly sophisticated with the support of AI. Our research found Australia remains a key target for attackers, with ThreatLabz identifying Australia as the eighth most targeted country with 30,250,352 phishing attempts in 2024. With attackers adopting more creative strategies to distribute malware and gain access to sensitive data, a proactive and robust Zero Trust approach is critical for businesses in preventing and reducing the impact of phishing attacks."

The rise of generative AI is allowing cybercriminals to create highly convincing phishing messages and websites.

The report notes that these include fake "AI assistant" and "AI agent" services, which lure users by offering tools such as résumé creation and graphic design. As more people incorporate AI tools into their daily lives, attackers have exploited this familiarity to deceive users into giving up sensitive credentials and payment data.

Deepen Desai, CSO and Head of Security Research at Zscaler, addressed the evolving landscape, stating, "The phishing game has changed. Attackers are using GenAI to create near-flawless lures and even outsmart AI-based defences. Cybercriminals are weaponising AI to evade detection and manipulate victims, which means organisations must leverage equally advanced AI-powered defences to outpace these emerging threats."

"Our research reinforces the importance of adopting a proactive, multi-layered approach—combining robust zero trust architecture with advanced AI-driven phishing prevention - to effectively combat the rapidly evolving threat landscape."

In addition to targeting critical departments, the report notes that executives have become prime targets due to their access privileges which make approving fraudulent transactions easier for attackers. The use of deepfake voice, video, and text tools has also added complexity to social engineering attempts.

Phishing campaigns are not confined to email, with platforms such as Facebook, Telegram, and Steam being used both for impersonation and malware delivery. Attackers also use these community platforms to mask communications, gather intelligence, and launch social engineering campaigns. During 2024, over 159 million tech support and job scams were recorded, reflecting the persistence of impersonation tactics across social channels.

The report details the growing trend of Phishing-as-a-Service, enabled by AI technology that can generate fake websites, craft personalised messaging, and scale campaigns quickly to exploit new opportunities.

Cybercriminals are increasingly mimicking legitimate AI tools and platforms to encourage users to enter sensitive information.

To address these threats, Zscaler advocates for a security approach that combines Zero Trust architecture with AI. The Zscaler Zero Trust Exchange targets protection across the entire attack chain, aiming to minimise the attack surface, prevent initial breaches, eliminate lateral movement, and stop both insider threats and data loss.

Zscaler's AI-powered offerings extend to securing public and private AI use and identifying AI-generated threats.

The findings of the ThreatLabz 2025 Phishing Report are based on the analysis of two billion blocked phishing transactions from January to December 2024, examining attack trends, targeted regions, phishing content hosting locations, and distribution across organisation types.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Wildstone partners with oOh!media, Gawk Outdoor for VIC billboards
Is it time to re-think the business browser?
NBN raises $1.2 billion to boost sustainable & digital inclusion
Hoyts wins major award for cinema mobile app innovation in 2025
AI-driven cybersecurity shapes future of managed services
Top stories
Cast AI unveils Database Optimizer to boost cloud efficiency
Strengthening cyber resilience in superannuation
APJ region accelerates AI adoption as Dell rolls out new innovations
Australian firms lead global peers in pledging ongoing emissions reporting
Why better data management is crucial for Australian Organisations facing cyber breaches