Voice Phishing: Vishing attacks have overtaken business email compromise (BEC) as the second most reported email threat as of Q2021 XNUMX. A report shows the increase in attacks by more than five times compared to the previous year.
The number of vishing cases (voice phishing) has increased by almost 1 percent in the last twelve months (Q2021 1 to Q2022 550). This is according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs, both part of the HelpSystems Cybersecurity portfolio. During the first quarter of 2022, Agari and PhishLabs uncovered and eliminated hundreds of thousands of phishing, social media, email, and dark web threats targeting numerous businesses and brands. The report provides an analysis of the latest findings and insight into the most important trends in the current threat landscape. In a vishing call, a scammer contacts an individual by phone or voice to ask for personal or business information in order to obtain money, data, or other services.
Vishing plus phishing as an attack
Vishing attacks have overtaken business email compromise (BEC) as the second most reported email threat since Q2021 2022. At the end of the year, more than one in four reported response-based threats was a vishing attack, and this trend continued through the first quarter of XNUMX.
Other important insights
- Attacks using fake social media identities are on the rise. Since Q2 2021, brand impersonations have increased by 339 percent and executive impersonations by 273 percent. Brands are proving to be attractive targets for cybercriminals, especially when paired with counterfeit retail products. However, some individual attacks also use executive accounts to make the fakes appear more realistic.
- Email credential theft remains the most common variant reported by employees, accounting for nearly 59 percent of all threats. The number of reports of credential theft increased by 4 percent compared to Q2021 6,9.
- The malware landscape is constantly evolving. While Qbot was again the preferred variant for ransomware attacks, Emotet reappeared in Q1 and landed in second place.
- While nearly half of all phishing websites use a free tool or service, the first quarter of 2022 was the first in five straight quarters in which paid or compromised services (52 percent) were more commonly used to set up phishing sites as free solutions.
"Hybrid vishing campaigns continue to generate staggering numbers, accounting for 2022 percent of total volume so far in 26,1," said John LaCour, HelpSystems chief strategist. “We're seeing an increase in attackers moving away from standard voice phishing campaigns and conducting multi-stage email attacks. In these campaigns, the actors use a callback number in the body of the email as bait, and then use social engineering and a fake identity to trick the victim into calling and communicating with a supposed employee.
Bait: callback number in body of email
As companies increasingly use digital channels to conduct business and communicate with consumers, criminals have multiple avenues to target their victims,” continued LaCour. “Most attack campaigns are not new developments, but are based on modified traditional strategies and the use of multiple platforms. In order to guarantee security, companies can no longer limit themselves to the network area. They also need a comprehensive view of external channels to proactively gather intelligence and detect threats. Additionally, security teams should invest in partnerships that ensure rapid and complete mitigation of attacks before they result in reputational and financial damage.”
The complete report can be downloaded free of charge from Phishlabs.
More at Phishlabs.com