Researchers Find a 30% Increase in Phishing Attacks From 2020
Table of Contents
- By David Lukic
- Published: Nov 16, 2021
- Last Updated: Mar 18, 2022
Phishing remains the main attack strategy for cybercriminals, increasing by 31.5 percent over 2020. PhishLabs revealed this in their Quarterly Threat Trends and Intelligence Report. September 2021 witnessed a remarkable surge in cases as phishing attacks doubled the figure reported at the same time last year.
What Did the PhishLabs Report Reveal?
On November 9, IT service management company PhishLabs released their quarterly cyber threat intelligence report which analyzed the latest findings and insights into key trends shaping the cyberthreat landscape.
“While we saw a drop early this summer in phishing volume, threat actors didn’t take the whole summer off,”
said John LaCour, the Founder, and CTO of PhishLabs.
“Attacks have been on the rise since July and surged in September. If these trends continue, many IT security teams will find themselves dealing with a deluge of threats over the holidays.”
PhishLabs by HelpSystems is a cyber intelligence company that provides digital risk protection through supervised threat intelligence and complete mitigation. They also analyze thousands of cyberattacks targeting a broad range of brands and organizations.
How Much Damage Was Done In 2021?
According to the report, social media attacks per target increased by 82 percent in 2021. Vishing or voice phishing cases doubled for the second quarter in a row. This increase indicates that threat actors are changing tactics, possibly in an attempt to evade email security control.
In other key findings, Microsoft Office 365 users were alerted to a threat that continues to affect businesses. 51.6% of phishing attacks reported by corporate organizations targeted Office 365 logins. The availability of personally identifiable information (PII) on the dark web also increased. The sale of PII accounted for 12% of cases involving threat actors offering employee email addresses for sale in the black market.
PhishLabs also identified payment service industries as the most targeted. 75% of threats on the dark web involved stolen credit and debit card data.
What is a Phishing Attack?
According to the Cybersecurity & Infrastructure Security Agency, phishing is when a hacker tricks an innocent victim into providing personal information. They may pose as representatives of a trustworthy organization and supply some credentials to back up the claim. For instance, a threat actor claiming to be an employee of a credit card company may send a mail requesting that you verify or update your personal information. In most cases, the mail often suggests that there is a problem with the account.
When you click the links in the mail, it redirects you to a spoofed site that looks exactly like the original website. You will be required to enter passwords, credit card numbers, or banking PINs. By supplying this personal information, hackers can easily access and steal your information.
What Are Companies Doing to Prevent Phishing Attacks?
Companies are implementing added cyber security measures to prevent future phishing attacks. Let’s take a look at some of them.
- Raising Cyber Security Awareness: Companies are raising awareness of how employees can identify and mitigate phishing attacks. If each employee recognizes the signs, it is less likely to fall victim and jeopardize the company’s network.
- Using Spam Filters to Block Malicious Emails: They have installed secure email gateways and spam filters to identify malicious emails. Once flagged, the filters prevent the fraudulent emails from getting to an employee’s inbox.
- Enabling Multi-Factor Authentication (MFA): Even if an employee falls victim, the extra login policy of MFA (multi-factor authentication) will lower the chances of a hacker accessing employee accounts.
- Promptly Reporting Phishing Attempts: Companies now have a policy that mandates promptly reporting phishing attempts to appropriate authorities. Doing this will help them reinforce existing cyber security measures. It will also help them understand how to respond to similar incidents in the future.
