APWG REPORT: Phishing Attacks Reach New High in Q2 2022


CAMBRIDGE, Mass., Sept. 20, 2022 (Newswire.com) –
The new APWG Phishing Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks – the worst quarter for phishing ever observed by the APWG.

The total for June was 381,717 attacks or phishing sites. The number of phishing attacks reported to the APWG has quadrupled since the start of 2020 – when the APWG observed between 68,000 and 94,000 attacks per month.

In Q1 2022, APWG founding member OpSec Security found that phishing attacks against the financial industry, which includes banks, remained the largest set of attacks, accounting for 27.6% of all phishing.

Attacks against webmail and software-as-a-service (SAAS) providers also remained common, while attacks against retail/e-commerce sites fell from 17.3% to 14.6% after the holiday shopping season.

Phishing against social media websites increased to 15.3% of all attacks.

Phishing against cryptocurrency targets – such as cryptocurrency exchanges and wallet providers – accounted for 6.5% of the total, making them more prevalent than attacks on online games, government sites and combined telecommunications services.

Matthew Harris, Senior Product Manager, Fraud at Opsec, said: “Finally, we are seeing a huge increase in mobile phone fraud, with smishing and vishing collectively seeing an almost 70% increase in volume over totals. of the first trimester.

“We still see fraud coming through the typical OTT apps (WhatsApp, WeChat, Facebook Messenger, etc.), but SMS fraud is really key here,” Harris said.

Crane Hassold, director of threat intelligence at APWG member Abnormal Security, analyzed ransomware activity during the quarter. “The transportation sector has seen the highest growth in the number of ransomware victims,” Hassold said. “The healthcare industry, which has long been a concerning target of ransomware attacks, also saw a significant increase in attacks in the second quarter, growing 53% from the first quarter.”

“Business Email Compromise,” or BEC, is a scam that affects businesses large and small. When scammers attempt to trick victims into making an electronic transfer to the scammer, Agari found the average amount requested was $109,467, up from $91,436 in Q1 2022, the highest average that the company has known since Agari began tracking data.

“The industry is doing quite well in keeping malware out of enterprise users’ inboxes,” said John Wilson, Senior Fellow, Threat Research at HelpSystems. “However, this is not the case for phishing emails that steal credentials or elicit a response (like BEC). Ninety-five percent of threats detected in users’ inboxes in the second quarter were either credential theft or response-based attacks.”

The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q2_2022.pdf.

Media Contact: [email protected] or tel:+1 617 669 1123

Founded in 2003, the Anti-Phishing Working Group (APWG) is a global coalition of industry, law enforcement and government focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and telecom operators, the law enforcement community, solution providers, multilateral treaty organizations, research centers, professional associations and government agencies. More than 2,200 companies, government agencies and NGOs participate in the APWG worldwide. The APWG www.apwg.org and education.apwg.org The websites provide the public, industry and government agencies with practical information on electronic phishing and fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of STOP. THINK. RELATE. Messaging Convention, the global collaboration to raise public awareness of online safety (https://messagingconvention.org) and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference devoted specifically to electronic crime studies (www.ecrimeresearch.org). The APWG advises hemispheric and global business groups and multilateral organizations such as the European Commission, the G8 Sub-Group on High-Tech Crime, the Council of Europe Convention on Cybercrime, the Office of United Nations on Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and Organization of American States. The APWG is a member of the Steering Group of the Commonwealth Cybercrime Initiative of the Commonwealth of Nations. APWG corporate sponsors include: 418 Intelligence, Abnormal, Accenture, Acronis, Afilias, AGARI by HelpSystems, AhnLab, AT&T, Allure Security, AREA 1, AIT, appgate, Asurion Insurance Services, Avast, Awayr AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, Bolster, BrandShield, Browser, ByteDance, Canva, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, CYREN, Cyxtera, CZ .NIC, DS Lab, DigiCert, dmarcian, DNS Belgium, DomianTools, EBRAND, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GERNE Technology, GMS Securidad, GoDaddy Registry, Group-IB, Guidewire. HelpSystems, Hitachi Systems, .ID, ICANN, Infoblox, Ingressum, INKY Technology Company, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NCA, NAVER, Netcraft , NetSTAR, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs by HelpSystems, Proofpoint, Qintel, Rakuten, Recorded Future, Redsift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec , SIDN, SlashNext, Sopos, SWITCH, Symantec, Tessian. Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber ​​​​Security, Webroot, workday, ZeroFOX, ZibaSec, Zimperium, ZIX and zvelo.

Source: APWG


Comments are closed.