anti-phishing-working-group-apwg-logo

Phishing Attacks Hit an All-Time High in Q1 2022

Phishing attacks reached a new high in the first quarter of 2022, hitting one million for the first time. According to the APWG’s latest Phishing Activity Trends Report, the APWG observed 1,025,841 overall phishing attacks in the first quarter of 2022. In March 2022, there were 384,291 attacks, a monthly record.

The banking industry landed on top of the attacks, accounting for 25.7% of all recorded attempts, however webmail and SaaS companies were also popular targets. Phishing attacks against bitcoin exchanges and wallet providers climbed from 6.7% in the previous quarter to 7% this quarter.

John Wilson, senior threat researcher at APWG, keeps track of the identity theft strategy known as “business email compromise”. Following the hectic holiday shopping season, spoofing attacks fell 16% from the previous quarter to 14%. Social media services, increased dramatically from nearly 10% to 14% of all attacks within the same time period.

This week, security experts revealed details of a massive new Facebook phishing attack that affected hundreds of millions of people. According to security firm Pixm, the campaign has been active since at least September 2021, although it grew dramatically in April and May 2022.

Phishing Attack Statistics
PHISHING ACTIVITY TRENDS Report Q1 2022

Facebook Messenger

In order to view a video, users are fooled into entering their credentials onto a legitimate-looking Facebook portal. The malicious actors take control of the account and uses Facebook Messenger to deliver further links to the victim’s connections. Facebook does not prohibit these links because they were created by legitimate services such as glitch.me, famous.co, and amaze.co.

According to PIXM:

Once the user clicks the link, this technique involves using perfectly legal app deployment services as the first step in the redirect chain. After clicking, the user redirect to the phishing website.

Mobile phishing attacks are becoming the top issue for IT and security organisations, according to Hank Schless, Senior Manager, Security Solutions at Lookout.

Mobile devices connect our personal and professional life. Phishing via social media or SMS on the same device you use for work might put your professional data at risk just as much as your personal information. On a mobile device, detecting a phishing attack is more difficult than on a desktop. Red signals we’ve been taught to look for on computers are almost impossible to spot on a smartphone. Organisations may get ahead of the problem by deploying a genuine mobile security technology across staff devices, which can protect your firm from such threats.

So far in 2022, at least 8.5 million people have visited the phishing webpage, demonstrating the attacks’ ongoing success rates.

Has your organisation started to increase cyber security measures yet? Start your two-week free trial today.

Recent posts