The volume of phishing attacks has increased 22% this year compared to the first half of 2020, according to researchers at PhishLabs.
“Phishing continues to be one of the top threats to enterprises with attack volume outpacing the first half of 2020 by 22%,” the researchers write. “It is the primary method used by threat actors to steal credentials, hijack accounts, and compromise organizations. While phishing continues to thrive, social media is increasingly being used for impersonation, fraud, and other cyber threats. Threats targeting enterprises via social media grew 47% in the first half of 2021, demonstrating its emergence as a top threat vector.”
The researchers found that fraud-related attacks were the most common form of phishing on social media, while payment services and the healthcare industry were highly targeted by these attacks.
“Payment Services and Healthcare experienced the steepest increases in social media attacks per business in Q2,” the researchers write. “Payment Services, which ranked the highest of all industries, increased threat activity by over 500% when compared to Q1. Healthcare experienced the second highest increase in activity from Q1 to Q2, moving up in rank from 17th to 10th, due to a 188% increase in attacks per business in Q2.”
PhishLabs also found that the amount of cryptocurrency-related phishing attacks grew tenfold in Q2 2021 compared to the previous quarter. Additionally, attacks targeting single sign-on (SSO) solutions rose by 40% in Q2 compared to Q1.
The researchers add that credential phishing and targeted attacks are the most likely to bypass security filters.
“Credential theft phishing and response-based attacks, such as BEC, pose the greatest risk to corporate email users, accounting for 96% of threats found in enterprise inboxes,” PhishLabs says. “These threats continue to evade email security controls at a high rate.”
New-school security awareness training with realistic simulated phishing emails can enable your employees to thwart social engineering attacks.
PhishLabs has the story.