New quarterly data from the Anti-Phishing Working Group shows unprecedented phishing activity with increases in BEC, use of social media, vishing, and smishing.
It’s never good when phishing attacks are moving, proverbially, “up and to the right.” But that’s exactly what we’re seeing in APWG’s Phishing Activity Trends Report for Q2 of this year. According to the report, phishing of all kinds is on the rise, with some metrics hitting a high:
- Q2 saw 1,097,811 total phishing attacks – a quadrupling of attacks per quarter when compared with early 2020, where APWG reported an average of 81,000 attacks in a single month.
- June saw over 381,000 attacks – an all-time high since the reports inception
- The average BEC transfer amount was just above $109K – a nearly 20% increase from Q1
- Social Media-based threats increase 47% over Q1
- Mobile phone-based fraud, with smishing and vishing collectively seeing a nearly 70 percent increase over Q1
It’s bad. Really bad.
Organizations serious about stopping this threat need a layered security strategy that includes DNS protection, Web protection, Email protection, Endpoint protection, and Security Awareness Training to ensure that either nothing malicious comes in, and – if it does – users are trained to recognize it, not engage, and empowered to immediately report it.