Phishing grows as attackers target social media

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020 level, according to the latest quarterly trends report by PhishLabs.

Social media is now the attack target of choice, with attacks per target climbing steadily, up 82 percent year-to-date. The payment services industry continues to be the most targeted, but staffing and recruiting experienced the steepest increase in attacks compared to Q2.

Telecommunications and ISP data continues to be marketed on Dark Web sites too. Threat actors who gain access to account data often have access not only to payment method data, but also login credentials and highly sensitive PII.

"While we saw a drop early this summer in phishing volume, threat actors didn't take the whole summer off. Attacks have been on the rise since July and surged in September. If these trends continue, many IT security teams will find themselves dealing with a deluge of threats over the holidays," says John LaCour, founder and CTO of PhishLabs.

Vishing incidents have also more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls.

Businesses continue to be the target of Office 365 phishing attacks too, in Q3 2021, 51.6 percent of credential theft phishing attacks reported by corporate users targeted O365 logins. Attacks have now increased for four quarters in a row.

"The continued climb in social media threats makes it imperative that businesses prioritize visibility across platforms such as Twitter, Facebook, Instagram, and more. As seasonal hiring ramps up for the holidays, the staffing industry in particular needs to be prepared to deal with online impersonation and other scams," adds LaCour.

The full report is available from the PhishLabs site.

Image Credit: Maksim Kabakou / Shutterstock