Take a glass full of technical deception and another two glasses of social engineering, mix them together; this mixture is called phishing. Phishing attacks have evolved outrageously and attackers are targeting individuals and businesses alike. The APWG Phishing Activity Trends Report analyzed phishing attacks, along with other identity theft techniques and attacks, and we have the following statistics.
Some stats your way
The month of July witnessed 260,642 phishing attacks, the highest in APWG’s reporting history since 2004.
Phishing victimized software-as-a-service and webmail industries the most in Q3 2021. The industries accounted for 29.1% of all attacks.
Attacks against payment providers and financial institutions accounted for a staggering 34.9%.
Cryptocurrency-related phishing attacks made up 5.6% of all attacks.
The number of brands being attacked rose to 715 in September from 400 per month.
Why this matters
The number of phishing sites being reported to APWG has surged tenfold as compared to what it was 10 years back. Moreover, phishing attacks have doubled since last year. With the transformation of the online environment, phishing has become a profitable and effective business for threat actors.
Some latest phishing news
The PerSwaysion campaign, ongoing since 2019, used 444 unique phishing portals to target 7,403 people across 14 sectors. These sectors included the U.S. government, healthcare, engineering technology, aerospace, pharma, and financial services.
Researchers recently raised alarm over a Halloween-themed MICROP ransomware that made its way to the targets’ inboxes even though they were SEG secured. While the campaign was not advanced, it used Google Drive to evade SEGs.
A long-term spear-phishing campaign was found targeting Middle East-based employees. The emails contained PDFs that linked to short-lived Glitch apps. These apps hosted SharePoint phishing pages capable of credential harvesting.
The bottom line
The instances mentioned above indicate the myriad of ways in which attackers continue to sharpen their phishing kits and skillsets. Organizations and individuals falling prey to phishing schemes is a multifaceted problem. This constant challenge requires various proactive defense solutions. However, the first step should be to implement MFA and effective cyber hygiene, both internally and externally.