Phishing attacks reach record highs

In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.

Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.

Phisherfolk were most active in August, sending more than 207.3 million phishing emails, nearly double the amount in July. September was the second most active month for phishing with 172.6 million emails. Malware threats peaked in September (45.6 million), followed by August (45.5 million) and July (34.6 million).

The Vade report also looks at the most impersonated brands with old favorites Facebook and Microsoft continuing to top the charts. In fact Facebook accounted for more phishing URLs than the next seven most spoofed brands combined (16,657 vs. 16,432).

Attacks targeting Microsoft 365 remain popular, including ‘Qrishing’ attacks using QR codes to lure victims and bypass detection.

Looked at by industry, cloud, social media, and financial services all saw dramatic increases in phishing attacks of 127 percent, 125 percent, and 121 percent, respectively. Government experienced the greatest increase of 292 percent, while eCommerce and logistics also grew by 62 percent. Only the internet/telco sector experienced a decline (-29 percent).

Overall, financial services accounted for the highest total of phishing URLs, followed by cloud, social media, e-commerce/logistics, internet/telco, and government. Bank of America has been a particular target over the report period, with an 873 percent increase in phishing URLs targeting the bank. It was the most impersonated financial services company and the third most spoofed brand overall in Q3, after ranking as the 22nd most impersonated brand in the previous quarter.

The report's authors conclude by pointing out that email remains the most common attack vector for phishing and businesses need to look towards integrated email security solutions and phishing awareness training in order to protect themselves.

You can find out more on the Vade blog.

Image credit: weerapat/depositphotos.com