Response-based email attacks on corporate mailboxes hit their highest level since 41 in the second quarter of this year, accounting for 2020 percent of all email attacks. That's according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs, part of the HelpSystems Cybersecurity portfolio.
From April to June, Agari and PhishLabs analyzed hundreds of thousands of phishing and social media attacks targeting companies, their brands and employees. Based on the evaluation of these attacks, the report shows the most important trends in the threat situation.
Employees are the goal
A response-based threat involves victims responding through a chosen communication channel to methods such as phishing (via email), vishing/smishing (via a phone call or SMS), and advance fee scams, in which victims make an upfront payment to obtain a to receive larger sum of money – also known as 419 or Nigerian scam.
Advance fee scams regularly dominate the reaction-based attack category, up 2022 percent overall in 3,4 year-over-year. In the second quarter of 2022, they accounted for 54,2 percent of all email threats. Business email compromise (BEC) also increased in the second quarter, accounting for 16,3 percent of the total attack volume.
While the share of other response-based threats decreased compared to Q625, hybrid vishing attacks increased in volume, hitting a six-quarter high in Q2021: XNUMX percent more attacks than in QXNUMX XNUMX.
Other important insights
- Phishing is steadily increasing. Attacks increased nearly 6 percent in the second quarter compared to the first quarter of 2022.
- In Q20,3, social media attacks increased 95 percent compared to Q12, averaging nearly 100 attacks per organization per month. In the last XNUMX months, the number of attacks has increased by more than XNUMX percent because social media is the best way to reach a large group of potential victims.
- In the second quarter, Emotet officially returns to the top after growing 30,7 percent, representing nearly half of all malware attacks. Notably, newcomer Bumblebee jumped to third place. It is believed to be related to the previously leading malicious programs, Trickbot and BazaLoader.
- Credential attacks on Office 365 accounts hit their highest level in six quarters in terms of proportion and volume in Q58: more than 365 percent of all phishing links were O17,7 credential attacks, up from XNUMX percent in the same quarter year corresponds.
About PhishLabs
PhishLabs by HelpSystems is a cyber threat company that provides protection against digital risks through detailed threat analysis and comprehensive countermeasures. PhishLabs provides one-stop protection from brand impersonation, account takeover, data breaches and social media risks for the world's leading brands and businesses.