Apart from increasing in volume, phishing attacks have taken unexpected turns this year. The Quarterly Threat Trends & Intelligence Report states that phishing attacks are being delivered via different online platforms. Let us check what the latest phishing trends are from the first quarter of the year.
Some stats your way
Credential theft phishing attacks targeted the financial sector, accounting for 53.8% of all attacks.
Credential theft accounted for 21.5% of all phishing attacks against social media.
However, the telecommunications sector observed a decrease of 10.3% in phishing attacks.
In Q1 2022, almost 52% of phishing sites were staged via compromised sites.
Around 66% of all phishing sites were staged on four generic top-level domains, a 9.1% increase from Q4 2021.
While there has been a slight increase in the traditional email phishing attack, the other trends include social media impersonation scams, dark web threats, hybrid vishing attacks, and BEC attacks.
Why this matters
The rise in malicious activity through unconventional platforms indicates the opportunistic nature of threat actors. Phishing is a massive threat to organizations and their customers and employees. Social media has become a favorable channel for attackers since attacks increased 105% since this time last year. Cyberattackers have multiple vectors to abuse their victims as organizations leverage various platforms to conduct operations and communicate.
Latest phishing attacks
Threat actors sent phishing emails to South African employees via monkeypox-themed lures.
NakedPages, a new sophisticated phishing toolkit, was put up for sale on cybercrime forums. It can target Google and MS Office users.
A massive phishing campaign targeting Facebook lured millions of users. The adversaries stole the victims’ credentials and displayed ads for revenue generation.
The bottom line
The above statistics and incidents highlight that just securing the network perimeter is not enough for organizations to stay safe from phishing attacks. For better visibility into the threat landscape, enterprises need to proactively monitor threats and gather threat intelligence.