Amount of Money Requested In BEC Attacks Nearly Doubled in Q4 2024



The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according to the Anti-Phishing Working Group’s (APWG’s) latest report.

This is nearly double the amount requested during Q3 2024. The researchers found that Gmail accounts were used to launch 81 percent of BEC scams last quarter.

The report also warns of a surge in SMS phishing scams impersonating toll operators in the US, driven by a popular Chinese phishing kit.

“Residents of the United States are being bombarded with text messages from Chinese phishers, purporting to come from U.S. toll road operators, including the multi-state EZPass system,” the researchers write. “The messages warn recipients that they face fines or loss of their driving license if they don’t pay their tolls online.

“Researchers have found that this ‘smishing’ (SMS phishing) is enabled by an upgraded phishing kit sold in China, which makes it simple to send text messages and launch phishing sites that spoof toll road operators in multiple U.S. states. The phone numbers that the phishers send the messages to are usually random—they are sometimes sent to people who do not use toll roads at all, or target users in the wrong state.”

APWG members observed just under a million phishing attacks in Q4 2024, indicating a steady increase over the course of the year. The SaaS/Webmail category was the most frequently attacked sector, accounting for 23.3 percent of all phishing attacks. Social media came in second, with 22.5 percent of phishing attacks.

New-school security awareness training can give your organization an essential layer of defense against phishing attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

The APWG has the story.

