Q1 2022 Phishing Threat Intelligence and Trends Report


In 2022, phishing attacks have not only increased dramatically, but they have also taken a new turn of events. According to Agari and PhishLabs Quarterly Trends and Threat Intelligence Report, phishing attacks are gradually being spread through a wide range of online platforms. The classic email phishing attack technique has increased slightly, while other significant phishing trends include:

  • Identity theft scams via social networks.
  • Dark web threats, such as credit card fraud.
  • Business Email Compromise (BEC) Attacks.
  • Hybrid Vishing Attacks.

Some details about how businesses and consumers are targeted by phishing attacks on these various platforms deserve further exploration.

Compared to the first quarter of 2021, the total volume of phishing sites this year showed a steady growth of 4.4% from January to March. Further, these numbers are expected to increase throughout 2022. Financial firms were the primary targets, mostly impacted by credential theft and phishing. Although the incidence of this method decreased by 7.4% compared to Q4 2021, it was still a remarkable 53.8% across all attacks. The entire technology sector was more targeted in the first quarter, including social media (21.5%), web/online messaging services (5.5%), e-commerce (1.9% ) and cloud storage/hosting. The largest increase in the volume of credential theft attacks (+9.6%) was reported in the social media industry.

Paid domain registrations or compromised sites were primarily used to stage the majority of phishing sites. This staging method is the first instance in five consecutive quarters, accounting for the highest 52% of paid services abused of all incidences. The most common staging method was to compromise 35.1% of existing websites.

66% of phishing sites were staged on legacy generic top-level domains (gTLDs), which contributed to nearly half of all domain abuse phishing activity. Of course, these dizzying numbers are most easily understood in the graph of the report.

Credential theft still reigned supreme in all threats to enterprise email systems. Interestingly, employees treat many messages with great caution. However, 82% of reported emails were identified as “No Threat Detected”. While this heightened sensitivity may generate some cynicism about the value of security awareness training, the report notes that:

“Although the majority of emails reported by employees are unclassified
as malicious, identifying and reporting suspicious activity
by a trained workforce is needed to prevent attacks from growing
pass mail filters.

In 2022, it is somewhat unbelievable that 419 attacks based on the “Nigerian Prince” response increased by 3.3%. The fact that this decades-old scam still exists is almost mind-boggling. Before the Internet, these scams were transmitted via fax machines. Unfortunately, the report does not state the success rate of these scams, but their continued existence suggests that they are still effective.

Threat volume from social media channels increased 27% from Q4 to Q1 alone. This is a 107% increase targeting businesses. Impersonation scams are the most common method of attack on social media, followed by fraud and traditional account compromise techniques. Financial institutions remain the main target of attacks on social networks.

The top dark web threat cited in the PhishLabs report is credit card fraud. The dark web is most famous for the release of stolen card data, which contributed 53.7% of the total dark web threat share, despite a 20% decline in the first quarter. The second most common dark web threat is the sale of corporate credentials. 64% of stolen data was mainly traded on marketplaces and carding forums. Forums saw a strong 9.3% increase in activity across all dark web markets.

As with attacks on social media, financial institutions are the sectors most targeted by dark web attacks. Credit unions and financial services companies round out the list.


The report indicates technological and strategic improvements in phishing tactics, and businesses are targeted more than private consumers. Phishing attacks have leveraged various media to perform malicious activities. Apart from the traditional email delivery mechanism, social media is the most trending platform. Organizations should be vigilant against these scams and carefully maintain a presence on these platforms to confirm their authenticity and validity to avoid phishing activities and secure the business name.

One way for organizations to protect themselves against phishing attacks is to apply email filters and enforce security protocols in their systems to reduce the impact of credential theft attacks. While some personnel will become overly cautious, security awareness training remains a valid and valuable defense.

Organizations should pay close attention to the various platforms available today that allow threat actors to easily perform many fraudulent activities. Phishing attacks are executed in various forms, using a myriad of tactics. It is the responsibility of every organization to address any phishing-related activity for consumer and even employee awareness. Appropriate monitoring of these platforms and the application of appropriate security protocols and mechanisms to deter phishing threats is a valuable security approach.

About the Author: Dilki Rathnayake is a cybersecurity student studying for her BSc (Hons) in Cybersecurity and Digital Forensics at Kingston University. She is also skilled in computer network security and Linux system administration. She has led outreach programs and volunteered for communities that advocate for best practices in online safety. In the meantime, she enjoys writing blog posts for Bora and exploring more about computer security.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.


Comments are closed.