Join us for the Human Behavior Conference on Oct. 30th

Phishing Reached All-Time High: Social Engineering News

hishing Reaches All Time High

Share This Post

Phishing reached an all-time high in the first quarter of 2022. To clarify what this means, in the first quarter of 2022 there were more than one million attacks. Without a doubt this is the worst quarter for phishing the Anti-Phishing Working Group (APWG) have ever observed. Here are a few significant trends they report on:

  • 7% Increase in credential theft phishing against enterprise users.
  • The Financial Services industry saw a 35% increase in attacks.
  • 6.6% Increase in phishing attacks against cryptocurrency targets.

Check Point Technologies reported on another equally important statistic that the business social network LinkedIn was related to over 52% of all phishing schemes globally in the first quarter of 2022.

Phishing Defined

At Social-Engineer, we define phishing as the “practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.”

Credential Theft Phishing Example

Malicious Voicemail-Notification-Themed Emails Attempt to Steal Office365 and Outlook Credentials.
In this recent campaign, threat actors are targeting users in US-based organizations such as software security, US military, security solution providers, healthcare/pharmaceutical, and the manufacturing supply chain. Researchers at Zscaler’s ThreatLabz, say that the attack begins with an email telling the targeted user they have a voicemail waiting for them contained in an attachment. If the user falls for the lure and opens the attachment it will direct them to a credential phishing site posing as a legitimate Microsoft sign-in page. Once the target is on the phony sign-in page they receive instructions to login, and complete the download of the voicemail recording. If the target does so, they will in fact be handing over their username and password to criminals.
hishing Reaches All Time High
Image: Zscaler’s ThreatLabz

To make the phishing email even more convincing, the bad actor crafts the “from” field to include the name of the target company. For instance, when an employee at Zscaler ThreatLabz was targeted the page URL used the format: zscaler.zscaler.briccorp[.]com/. Zscaler’s ThreatLabz reports on a few key findings of this phishing campaign:

  • Voicemail phishing campaigns continue to be a successful social engineering technique used by threat actors to lure targets into opening attachments.
  • The goal of the threat actor is to steal Office365 and Outlook credentials. Both of which are widely used by enterprises.
  • Each URL is crafted specifically for the targeted individual and organization.

How would your employees respond if they became a target in a credential theft campaign? Would they recognize the phishing email? Would they report it? Equally important, can your company afford the potential damage resulting from user credentials in the hands of criminals?

Test, Educate, and Protect

As shown above, phishing is an attack vector that criminals are exploiting with devastating results. In view of this, we invite you to explore  Social-Engineer’s Managed Phishing Service.  This is a fully managed program that measures and tracks how employees respond to email phishing attacks. Our Managed Phishing Service provides the following features:

  • Levelized emails.
  • Custom templates.
  • Tailored training based on failures.
  • Comprehensive reporting.
  • Phish notification feature.

Our patented process to construct messaging on varying levels of sophistication identifies at-risk user groups.  Employees also demonstrate their ability to recognize and report fraudulent emails.  Act now to protect your company from the  accelerating risk of phishing emails. Please contact us without delay to schedule a consultation.

More To Explore

Soft Skills for Cybersecurity Professionals
General

Soft Skills for Cybersecurity Professionals

As cyber threats continue to increase, so does the need for cyber security professionals. Some of the skills needed to succeed in the field of cyber security are programming skills,

Social Engineering

Keeping it Simple in Cybersecurity 

Today, the cybersecurity industry focuses a lot more on complicated solutions and tools. Companies are always looking to improve their security measures with the latest technologies. However, attackers often choose