Phishing activity increased dramatically in the second quarter of 2021, according to a recent report by Vade. The company observed 4.2 billion phishing emails in June alone.
“Overall phishing increased dramatically in Q2 2021, with a significant spike (281 percent) in May and another 284 percent increase in June, for a total of 4.2 billion phishing emails detected by Vade for the month,” the researchers write. “The increase in May can be attributed to spambot activity, as well as an increase in Amazon and SMBC phishing.”
Vade adds that the sophistication and quality of attacks are also increasing.
“H1 saw a surge of advanced phishing attacks featuring sophisticated automation techniques and abuse of high-reputation domains,” the researchers write. “Due to the high level of targeting and automation we have seen in the first half of 2021, we should place less emphasis on the total number of unique URLs detected and more on the nature and quality of the threats received.”
Vade discovered a phishing campaign that used automation to create phishing pages that were tailored to their victims.
“In late June, Vade detected a sophisticated Microsoft phishing attack featuring automated rendering of public logos and background images on Microsoft 365 login pages,” the researchers write. “When a victim clicks on an email phishing link, they are taken to a waiting page, the purpose of which is to determine if the user is the intended target. If the user is not the intended target, the phishing page is not shown. If the victim is the intended target, the hacker then makes an HTTP post request for the logo and background image of the victim’s corporate entity. The victim is then redirected to a custom Microsoft 365 login page with their company’s corporate logo and background image.”
New-school security awareness training can enable your employees to thwart social engineering attacks.
Vade has the story.
Here's how it works:
