In 2022, phishing attacks have not only increased substantially but have also taken a new turn. According to the Agari and PhishLabs Quarterly Threat Trends & Intelligence report, phishing attacks are gradually being delivered through a wide range of online platforms. The classic email phishing attack technique has increased slightly, while other significant phishing trends include:

  • Impersonation scams through social media.
  • Dark web threats, such as credit card fraud.
  • Business Email Compromise (BEC) attacks.
  • Hybrid Vishing attacks.

How enterprises and consumers are targeted by phishing attacks on these diverse platforms is worth exploring in more detail.

Compared to Q1 2021, this year’s volume of total phishing sites showed a steady growth of 4.4% from January to March. Furthermore, these numbers are anticipated to increase throughout 2022. Financial businesses were the top targets, affected mostly by credential theft phishing. While the incidence of this method declined by 7.4% from Q4 2021, it still accounted for a remarkable 53.8% of all attacks. The entire technology sector was targeted more in Q1, notably social media (21.5%), webmail/online services (5.5%), ecommerce (1.9%), and cloud storage/hosting. The largest increase in credential theft attack volume (+9.6%) was reported in the social media industry.

Paid domain registrations or compromised sites were primarily used to stage the majority of phishing sites. This is the first instance in five consecutive quarters, with abused paid services representing a high of 52% of all incidents. The most common staging method was compromising existing websites (35.1%).

66% of phishing sites were staged on legacy generic Top-Level Domains (gTLDs), which contributed to almost half of all domain abuse phishing activity. Of course, these dizzying numbers are ...