Phishing has long been one of the most pervasive cyberthreats, and it grows every year. According to the FBI’s Internet Crime Complaint Center (IC3), phishing reported the most victims nationally in 2020, and according to the 2021 Verizon Data Breach Investigations Report, 35% of all data breaches involved scams trying to steal people’s sensitive information or login credentials. Phishing did not slow down in 2021: the Zscaler ThreatLabz research team saw a 29% increase in phishing attempts globally over the course of 2021 based on data from billions of blocked attacks across the Zscaler cloud.

Phishing is rising for multiple reasons. As organizations increase their malware and exploit prevention capabilities, attackers turn to social engineering tactics to steal login credentials and successfully compromise organizations. Human adversaries—particularly those with valid credentials—are much harder to detect and stop.