The third quarter of 2022 saw a total of 1,270,883 phishing attacks, according to the APWG’s latest Phishing Activity Trends Report. The number of phishing sites reported in total for August 2022 was 430,141, which is a record-high monthly total for APWG.
Since APWG detected 230,554 attacks in the first quarter of 2020, the number of phishing attacks reported to the group has steadily increased over time.
Part of the increase in Q3 2022 can be linked to a rise in attacks against a number of specifically targeted brands. These targeted companies and their clients saw a significant number of attacks from aggressive scammers.
According to Fortra’s John Wilson, Senior Fellow for Threat Research:
We saw a 488 percent increase in response-based email attacks in Q3 2022 compared to Q2. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.
Most Affected Industries by Phishing Attacks
Phishing attacks targeting the financial sector continued to be the most common kind of attack in the third quarter of 2022, accounting for 23.2% of all phishing attacks, down from 27.6% in the second quarter, according to APWG founding member OpSec Security.
Attacks against software-as-a-service (SaaS) and webmail providers remained stable, while attacks on e-commerce websites decreased to 4.1%. After rising from 8.5% of all attacks in the 4th quarter of 2021 to 15.5% in the 2nd quarter of 2022, phishing against social media companies steadily dropped.
Phishing against cryptocurrency targets, such as exchanges and wallet providers, decreased from 4.5% in Q2 to 2.0% in Q3, as the market was disturbed by falling prices.
According to Matthew Harris, Senior Product Manager for OpSec Security’s Fraud division:
The Logistics and Shipping sector saw a large fraud volume increase, led specifically by a large increase in phishing against the U.S. Postal Service. And continuing a trend we observed in Q2, we’re tracking a huge increase in mobile phone-based fraud; vishing detection volumes are more than three times what we saw in Q2.
One of the most popular methods for spreading ransomware is through phishing emails. By fooling a user into clicking on a malicious link, cybercriminals can gain access to the employee’s computer and start the process of installing and running the ransomware programme on it.
A company’s vulnerability to ransomware attacks can be reduced by keeping PCs and servers updated and installing security updates, especially those marked as critical.
Malware and other harmful payloads in email can be reduced by modern email filtering technologies. These solutions can identify emails with harmful links, spam content, attachments, and language that might indicate a phishing attack.
Preventing the theft of company credentials involves hiding remote access servers behind VPNs, limiting access to devices that are visible to the public, turning on MFA, and providing phishing training.