Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG).
As email security technologies improve, scammers are turning to social media apps, text messages, and voice calls to conduct social engineering attacks.
Matthew Harris, Senior Product Manager, Fraud at OpSec, explained, “We have observed an increased share of fraud being targeted towards sites that do not require high security, such as social media sites like Facebook and LinkedIn, and SAAS and Webmail accounts such as Microsoft Outlook and Netflix.”
The report also found that the volume of phishing attacks targeting bank accounts has fallen compared to last year, but these attacks have grown more sophisticated and targeted. Attackers need to put more effort into banking-focused attacks since these institutions typically have additional layers of security.
“Banks require two-factor authentication for online banking, such as codes sent to the users’ mobile phones,” the report says. “Without those authentication codes, phishers can’t get into victims’ online financial accounts. So instead, fraudsters are using phone-based methods to phish bank and payment service users. These are more immediate contact methods, and allow the fraudster to talk victims out of their sensitive information.
Phone-based fraud is initiated by different methods. One is voice phishing or vishing -- where fraudsters call potential victims. Another is SMS-based phishing or smishing – in which fraudsters advertise the URLs of phishing sites within SMS (Short Message Service) and Internet-generated, phone-to-phone text messages.”
The majority of scams in Q2 2024 involved gift card fraud or advance fee requests. APWG contributor Fortra found that the average amount of money requested in business email compromise (BEC) attacks rose by 6.5% last quarter to reach $89,520.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The APWG has the story.
