To no ones surprise Phishing is becoming more and more of a threat to our cybersecurity as the number of phishing attempts as risen over the last quarter alone. A recent report from the APWG(Anti-Phishing Working group) reveals that phishing First quarter of 2021 is not on the decline. Some of there findings are listed below,
CIT’s Phishing for Awareness series has highlighted a number of different forms of phishing, but it is also important to remind ourselves of the very basics of phishing.
Phishing in a broad sense is a combination of social engineering and logical attacks in order to gather important data. Oftentimes cyber criminals will send an email (sometimes from a false email of a coworker or higher up) in order to get you to click on a malware link or divulge confidential information. Phishing can also include impersonation through social media or popular websites to trick individuals into entering login credentials. With how sophisticated phishing schemes are becoming coupled with the fact that the sheer volume of attacks is staggering, it is no wonder these kinds of attacks are so dangerous.
The APWG Report
The Anti-Phishing Working Group has released a report highlighting some key statistics and trends in the first quarter of 2021. These trends tend to highlight the fact that not only are cyber criminals becoming more bold, but are also developing newer and better techniques. Take a look below at some of the key findings.
When it comes to technique the APWG found that a dominant form of phishing schemes was phishing websites. In January alone the APWG found that roughly 245,000 new sites had been created. That is a 347% growth from January of 2020! Often times phishing websites are used in order to lure individuals into giving away login credentials to a website they think they can trust. These attacks are especially dangerous because they can attack with a wide range.
Business Email Compromise
Business Email Compromise schemes involve a cyber criminal impersonating a fellow employee or higher up in order to extract sensitive information through emails. An example of this would be if you received an email from your direct manager asking you to wire some company funds through a link in order for them to complete some important payroll tasks. Often times they’ll make the message sound urgent by using language like: “I need this information ASAP”. All of this is a rouse in order to trick you into leaking confidential information. The APWG found that from Q4 of 2020 to Q1 of 2021 average monetary requests through BEC schemes increased about 14% from $75,000 to $85,000. This shows a trend that hackers are becoming more and more bold in their monetary requests.
Who’s The Target?
The APWG also released some vital statistics on who is being targeted the most by these phishing schemes. The most targeted industry is still financial institutions with 24.9% of attacks being directed to them. This is still an increase from the previous year by roughly 2%. Coming in second place is social media with an increase from 11.8% to 23.6% in just one quarter. With social media attacks becoming more relevant it is important to keep your accounts secure. Phishing first quarter was not selective, don’t become a victim.
Even just a few of these statistics paint the picture that these types of schemes are a real threat and they will only continue to rise in scope and scale as our world becomes more technology focused. This is why it is important to educate yourself on what different types of phishing attacks how and how you as an individual can combat them. Phishing first quarter was on the rise and will likely continue to rise in 2021. CIT is here to help with your Security Awareness Training, don’t let your humans be a weak link.
Read More From Our Phishing For Awareness Series!
- PFA: Pop-up messages, email spoofing & URL Phishing Attacks
- PFA: Business Email Compromise Schemes and Website Spoofing
- PFA: Impersonation and Social Media
- PFA: Spear Phishing & Subdomain Attacks
- PFA: Malware Injection & Image Phishing
- PFA: Clone, Man-in-the-Middle & Search Engine Phishing Attacks
- PFA: Advanced Phishing Tactics
- PFA: 3 More Advanced Phishing Tactics
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
Contact us to learn more and let us show you how good I.T. can be — Don’t Gamble With Your Security