The first three months of 2022 saw more than a million reported phishing attacks, according to the APWG’s Phishing Activity Trends Report.
It’s the most phishing attacks that have ever been reported in a quarter, and it follows a steady increase in attacks throughout the past year. In April 2021, the APWG observed just over 200,000 phishing attacks. By March 2022, it almost doubled, to 384,291.
According to the report, the industry most likely to be targeted was the financial sector. It found that 23.6% of all incidents affected organisations that provide such services.
The next most frequent targets were software-as-a-service and webmail providers (20.5%) and e-commerce sites and retail stores (14.6%).
The report also found that 12.5% of phishing attacks target social media sites, while cryptocurrency platforms account for 6.6% of incidents.
How we are being tricked
According to John Wilson, the Senior Fellow of Threat Research at HelpSystems, the majority of phishing attacks are conducted using BEC (business e-mail compromise).
Unlike most phishing attacks, they are highly targeted and as a result are generally more successful. The scammer will take the time to compromise or replicate the email address of an organisation’s CEO or another high-level executive, and then email an employee with their request.
For example, if the attack was designed to steal money, the fraudster would email the chief financial officer or whoever else is responsible for financial transactions.
Meanwhile, if they were targeting sensitive data, they might contact the organisation’s head of HR.
Wilson noted that in the first quarter of 2022, 82% of BEC messages were sent from free webmail accounts. Gmail is the most popular provider, accounting for 60% of BEC scams.
Meanwhile, 18% of BEC messages used email domains owned by the attacker.
The report also found that the average sum that scammers requested in wire transfer BEC attacks in Q1 2022 was $84,512 (about €98,000). This is a significant increase over the previous quarter, in which scammers requested €50,027 (about €58,000) on average.
In Q1 2022, over one in five wire transfer requests sought more than $100,000.
Meanwhile, John LaCour, the Principal Product Strategist at PhishLabs by HelpSystems, highlighted the threat of impersonation attacks on social media.
“A lot of companies don’t realize that their executives are being spoofed on social media. This is a huge business risk,” said LaCour. “Social media attacks against business continue to grow quickly.”
The report found that organisations are targeted on social media nearly three times a day on average. In Q1 2022, impersonation attacks accounted for 47% of all social media threats, compared to 27% in the previous quarter.
Phishing replacing ransomware
Another significant finding in the report is that, as phishing attacks have increased, incidents of ransomware attacks have decreased.
Ransomware is often planted on organisations' systems using phishing attacks, so you wouldn't expect a correlation like this – nor would you expect a decrease in ransomware given current trends.
The popularity of ransomware exploded in 2022, with the number of reported incidents escalating and ransom payments skyrocketing. However, after several high-profile attacks, it appears that organisations have caught on to the risk and are increasingly implementing appropriate defences.
This includes taking steps such as regularly backing up sensitive information, which can be restored rather than negotiating with the attackers to receive a decryption key. Organisations are also better equipped to deal with disruptive incidents thanks to the adoption of business continuity plans.
The APWG’s report found that incidents of ransomware decreased across almost all sectors during Q1 2022. The only exception is the financial services industry, which reported a 35% increase.
This is possibly due to the array of payment information those organisations hold, and would explain why the sector remains the most popular target for phishing emails.
Encrypting an entire organisation provides huge leverage, and the compromised information could net the criminals a huge gain. It's harder to steal payment card data in a phishing attack, because it's restricted information, so you need a spear phishing attack targeting a specific employee.
The APWG’s report indicates that cyber criminals are focusing their energy on ransomware targeting the financial sector.
That said, schools and the healthcare sector remain a major risk. They are typically the most at-risk sectors, because of the pressure to get systems running again. Many have prepared accordingly, but organisations that don’t risk catastrophic damage.
Preparing for phishing emails
This report's warnings demonstrate the threat that phishing poses. Cyber criminals use scams for any number of purposes, and anyone can be a target.
You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme.
This online course uses real-world examples like the ones we’ve discussed here to explain how phishing attacks work, the tactics that cyber criminals use and how you can detect malicious emails.
The content is updated quarterly to include recent examples of successful attacks and the latest trends that criminals use.