Phishing Attacks: May 2021 Report Shows a 440% Increase

by | August 20, 2021 | Cybersecurity News

We’ve witnessed a spine-chilling 440% spike in phishing attacks this year, and figures paint a grim landscape for both organizations and individuals unless better security protocols, such as security awareness training, are in place.

Phishing Attacks Spiked in May

Approximately half of businesses (45.49%) and individuals (52.35%) were affected by at least one malware infection back in May this year, according to the Webroot BrightCloud Mid Year Threat Report latest metrics.

The report uncovered a massive 440% increase in phishing attacks in May 2021, the most significant phishing spike in a single month ever recorded. In addition, it showed that industries such as oil, gas, and mining had witnessed a 47% increase in the same six-month period, followed by manufacturers and wholesale traders with a 32% increase.

Who Is Being Picked On?

Webroot BrightCloud’s report extends with updated figures between January 1 and June 30 this year. It also observes the latest malware, phishing, and cryptocurrency exchanges trends.

Big brands continue to be affected by cyber extortion and ransomware attacks. For example, the giant Paypal accounted for 1% of the top 200 phished brands but saw a 1,834% spike in May. This shows that financial institutions are highly sought after by cybercriminals.

Phishing attacks impersonate financial institutions, such as Paypal.

The researchers also discovered that attackers target technology supply chains. The enterprise industry and the management of companies saw a major increase in malware infections, 57% more than the global average.

“People aren’t learning from their cyber mistakes, and more concerning, they aren’t equipped with knowledge on how to prevent repeat mistakes. Organizations must take ownership of the issue and do all they can in leading their people to improve security awareness, knowledge and habits.”

 Grayson Milbourne, security intelligence director at Webroot. 

The same report shows that phishing attacks are more and more focused on crypto exchanges and wallets. Webroot researchers discovered a 75% increase in Coinbase phishing pages using HTTPS immediately after Coinbase’s IPO.

Crytpojacking is also still highly active but has slightly declined since March last year, according to the report. This was a consequence of the ending of some crypto mining operations such as Minr, XMROmine, and JSECoin. Cryptojacking saw a decline of 39% by the end of June this year.

“Cryptocurrency is like leaving behind digital breadcrumbs on blockchain, and while cryptojacking in the browser is dead, crypto mining using applications is still very profitable and might yield a higher reward over time than a ransomware demand.”

David Dufour, vice president of engineering at Webroot.

Fight Phishing Attacks With ATTACK Simulator’s Security Awareness Training Program

Phishing attacks exploit human emotions that make them vulnerable, such as trust or fear. Therefore, your employees are the weakest link in the chain and the most susceptible to be bombarded with phishing attempts. That is until you provide them with comprehensive online security knowledge and the best practices they should stick to.

We believe that mistakes are the best teachers and the best way for your employees to learn to detect and fend off a phishing attempt is to experience one hands-on. Therefore, your employees will be exposed to real-life simulations. The purpose of these simulated attacks is to help your staff develop efficient defense mechanisms and acquire valuable decision-making skills.

Here’s what you’ll get for choosing our Security Awareness Training program:

  • Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
  • Real-life scenarios – we evaluate users’ vulnerability to give company-related or pesonal data away using realistic web-pages.
  • User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
  • We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.

As security awareness training is not a one-off undertaking, we believe that practice makes perfect, and testing should occur regularly, as cyber threats never cease to exist and evolve. Therefore, we are ready to offer you a long-term security awareness training solution tailored to your business’s needs. Also, our long-running training solution keeps your employees on edge, helping them develop new security-oriented reflexes.

Never leave till tomorrow that which you can do today. Request your quote here.





Feature Image: Cards photo created by freepik –

Icons made by Freepik from

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.