How Auditors Assess Cyber Risks
Blog

Phishing Attacks on Social Media Doubled in 2021

Technology


Phishing attacks on social media doubled in 2021, according to a new report from PhishLabs by HelpSystems. Most (68%) of these attacks targeted organizations in the financial sector, followed by the telecommunications sector in second place at 24%.

“According to the findings, the number of social media attacks per target increased 103% from January 2021, when enterprises were experiencing an average of just over one threat per day,” the researchers state. “In December, enterprises averaged over 68 attacks per month, or more than two per day.”

The researchers also observed a significant rise in phishing emails that attempt to trick victims into calling scammers.

  • Hybrid Vishing (voice phishing) attacks initiated by email increased 554% in volume from Q1 to Q4.
  • Phishing volume has grown 28% year-over-year, with half of all phishing sites observed in Q4 being staged using a free tool or service.
  • Malware delivered via email nearly tripled in Q4, led by a resurgence in Qbot and ZLoader attacks.
  • 70% of advertisements for stolen data took place on chat-based services and carding marketplaces in Q4.
  • The percentage of attacks targeting financial institutions increased from 33.8% in Q1 to 61.3% of all phishing sites observed in Q4.

John LaCour, Principal Strategist at HelpSystems, stated that organizations’ security teams need to be aware of social engineering attacks on social media.

“2021 was another record-setting year for social media as a threat channel,” LaCour said. “Threat actors use social media to commit fraud, impersonate brands and executives, and launch a variety of cyber threats, forcing security teams to monitor a variety of platforms for activity targeting their enterprise. Financial Institutions were the most actively targeted by threat actors since their services are often used broadly across several business sectors.”

Security awareness training can enable your employees to recognize phishing and other social engineering attacks. Learn more about Yeo & Yeo Technology’s security awareness training solutions.

Information used in this article was provided by our partners at KnowBe4.

Want To Learn More?

Connect with one of our professionals today.