A new report on cybercrime in the first quarter of this year warns of several phishing trends that are gaining traction and increasingly threatening the online space. While the classic email phishing attack is still a hacker favorite, other phishing techniques have also gained popularity in 2022.

Phishing Trends To Watch Out For This Year

Compared to Q1 2021, the total number of phishing sites saw a 4.4% increase from January to March. Additionally, in a new report from PhishLabs, researchers observed several other phishing trends, including social media impersonation scams, dark web threats (credit card fraud), BEC (Business Email Compromise) attacks, and Hybrid Vishing attacks.

Phishing trends involve abusing popular TLDs.
Source: PhishLabs

Worse, experts anticipate that these numbers will only increase throughout 2022. Compromised mostly by credential theft phishing, financial businesses are among the top targets. While the volume of this type of attack has decreased by 7.4% from Q4 2021, it still claims a staggering 53.8% of all incidents. In Q1, threat actors paid more attention to targets in the technology sector:

  • Social media attacks – 21.5% (a 9.6% increase)
  • Webmail/online services – 5.5%
  • Ecommerce – 1.9%

Attacks carried out on social media platforms have seen by far the most significant increase.

The majority of phishers chose to stage their phishing sites by compromising existing legitimate websites. 66% of phishing sites were staged on legacy generic Top-Level Domains (gTLDs), which contributed to almost half of all domain abuse phishing activity.

Credential theft remains the most prevalent threat in corporate email systems. It is worth mentioning that employees are becoming highly cautious when dealing with emails they think might be dangerous. However, 82% of the reported messages were not considered a threat by those who examined them.

“While the majority of employee-reported emails are not classified as malicious, the identification and reporting of suspicious activity by a trained workforce is needed to prevent attacks that increasingly make it past email filters,” the report says.

What is perhaps the most unbelievable finding of all is that the “Nigerian Prince” scam not only still exists, but has also seen an increase of 3.3%.

Social Media Phishing Trends

The total number of attacks carried out via social media channels has seen a 27% increase from Q4 to Q1. Impersonation scams are the most frequent technique used in social media attacks, followed by fraud, and traditional account compromise methods. Financial businesses are still the main focus of social media scams.

According to the PhishLabs report, credit card fraud is the top dark web phishing threat. The dark web is the go-to place for hackers who want to publish and sell stolen card data, or for those looking to buy it. This threat accounts for 53.7% of the total dark web cyber threats, despite a significant 20% decline in Q1. The second most prevalent dark web threat is the sale of stolen corporate credentials. 64% of the compromised data was mainly marketed on underground marketplaces and forums. Dark web forums dedicated to data selling saw a substantial 9.3% increase in activity.

As with social media cyber threats, financial institutions are the most targeted by dark web attacks.

Combat Phishing Attacks With Security Awareness Training

Researching the latest phishing trends and strategies and adequately training your employees can be a hassle, so leave it to professionals.

Your safest bet is to provide your employees with a solid and comprehensive Security Awareness Training program, such as ours.

Here are a few perks of choosing ATTACK Simulator:

  • Automated attack simulation – we simulate all kinds of cyberattacks.
  • Real-life scenarios – we use realistic web pages to evaluate how likely users are to give away company-related or personal data.
  • User behavior analysis – we gather user data and compile it into extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as possible.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
  • Brand impersonation – we impersonate popular brands to make the phishing simulations all the more realistic.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Sources:

PhishLabs Quarterly Threat Trends & Intelligence

TripWire Q1 2022 Phishing Threat Trends and Intelligence Report
