www.tripwire.com Open in urlscan Pro
192.229.182.232  Public Scan

Form analysis
1 forms found in the DOM

GET /state-of-security

<form action="/state-of-security" class="form form-search" id="search-form" method="get" target="_self" __bizdiag="115" __biza="WJ__"><input id="s" name="s" type="text" value="" placeholder=""><button class="btn-search" type="submit"> </button>
</form>

Text Content

Skip to content ↓ | Skip to navigation ↓


THE STATE OF SECURITY

NEWS. TRENDS. INSIGHTS.

Tripwire, Inc.

Toggle navigation
 * Featured Articles
 * Topics
   * DevOps
   * Cloud
   * ICS Security
   * Vulnerability Management
   * Security Controls
   * Government
   * Healthcare
   * Regulatory Compliance
 * Podcasts
 * VERT
 * Resources
   * Tripwire Resources
   * Slideshare

 * EXPLORE TRIPWIRE

Home » News » Q1 2022 Phishing Threat Trends and Intelligence Report


Q1 2022 PHISHING THREAT TRENDS AND INTELLIGENCE REPORT

 * Tripwire Guest Authors
 * 

 * Jun 20, 2022
 * IT Security and Data Protection



In 2022, phishing attacks have not only increased substantially, but they have
also taken a new turn of events. According to the Agari and PhishLabs Quarterly
Threat Trends & Intelligence report, phishing attacks are gradually being
delivered through a wide range of online platforms.  The classic email phishing
attack technique has increased slightly, while other significant phishing trends
include:

 * Impersonation scams through social media.
 * Dark web threats, such as credit card fraud.
 * Business Email Compromise (BEC) attacks.
 * Hybrid Vishing attacks.

Some detail about how enterprises and consumers are targeted by phishing attacks
on these diverse platforms is worthy of deeper exploration.


PHISHING THREAT TRENDS

As compared to Q1 2021 this year’s volume of total phishing sites showed a
steady growth of 4.4% from January to March. Furthermore, it is anticipated that
these numbers would increase throughout 2022. Financial businesses were the top
targets, affected mostly by credential theft phishing.  While the incidence of
this method declined by 7.4% from Q4 2021, it was still a remarkable 53.8% out
of all attacks. The entire technology sector was targeted more in Q1, notably
social media (21.5%), webmail/online services (5.5%), ecommerce (1.9%), and
cloud storage/hosting. The largest increase of attack volume of credential theft
(+9.6%) was reported in the social media industry.

Paid domain registrations or compromised sites were primarily used to stage the
majority of phishing sites. This staging method is the first instance in five
consecutive quarters, representing the highest of 52% of abused paid services
from all incidences. The most common staging method was through compromising
existing websites 35.1%.

66% of phishing sites were staged on legacy generic Top-Level Domains (gTLDs),
which contributed to almost half of all domain abuse phishing activity.  Of
course, these dizzying numbers are more easily understood in the chart from the
report.

Credential theft still reigned supreme in all of the threats in corporate email
systems.  What is interesting to note is that employees are treating many
messages with high caution. However, 82% of the reported emails were identified
as “No Threat Detected”. While this heightened sensitivity could generate some
cynicism about the value of security awareness training, the report notes that:

> “While the majority of employee-reported emails are not classified
> as malicious, the identification and reporting of suspicious activity
> by a trained workforce is needed to prevent attacks that increasingly
> make it past email filters.”

In 2022, it is somewhat unbelievable that 419 “Nigerian Prince” response-based
attacks have increased by 3.3%.  The fact that this decades-old scam still
exists is almost breath-taking.  Prior to the internet, these scams were
transmitted via fax machines.  Unfortunately, the report does not indicate the
success rate of these scams, but their continued existence would suggest that
they are still effective.


SOCIAL MEDIA THREAT TRENDS

The volume of threats from social media channels has advanced 27% from Q4 to Q1
single-handedly. This is a 107% increase targeting enterprises. Impersonation
scams are the most frequent method of social media attacks, followed by fraud,
and traditional account compromise techniques. Financial institutions still
remain the primary target of social media attacks.


DARK WEB THREAT TRENDS

The top dark web threat cited in the PhishLabs report is credit card fraud. The
dark web is highly famous for publishing stolen card data, which has contributed
53.7% from the total share of dark web threats, despite a 20% decline in Q1. The
second most common dark web threat is the sale of corporate credentials. 64% of
the stolen data was primarily marketed on carding marketplaces and forums.
Forums gained a large 9.3% increase of activity from all dark web marketplaces.

Similar to social media attacks, financial institutions are the most targeted
industries for dark web attacks. Credit unions, and Financial Services companies
round out the list.


CONCLUSION

The report indicates technological and strategical improvements in phishing
tactics, and enterprises are targeted more than private consumers. Phishing
attacks have leveraged various media to execute malicious activity. Apart from
the traditional email delivery mechanism, social media is the highest trending
platform. Organizations need to be vigilant against these scams and carefully
maintain a presence on these platforms to confirm their authenticity and
validity to avoid phishing activity, and to secure the name of the company.

One way for organizations to protect against phishing attacks is to enforce
email filters, and apply security protocols in their systems to reduce the
impact of credential theft attacks.  While it is true that some staff members
will become overly cautious, security awareness training is still a valid and
valuable defence.

Organizations should pay close attention to the diverse platforms that are
available today which allow threat actors to easily perform many fraudulent
activities. Phishing attacks are being executed in various forms, using myriad
tactics. It is the responsibility of each organization to address any phishing
related activities for the awareness of consumers and even employees. Proper
monitoring of these platforms, and the application of appropriate security
protocols and mechanisms to deter phishing threats is a valuable security
approach.

--------------------------------------------------------------------------------

About the Author: Dilki Rathnayake is a Cybersecurity student studying for her
BSc (Hons) in Cybersecurity and Digital Forensics at Kingston University. She is
also skilled in Computer Network Security and Linux System Administration. She
has conducted awareness programs and volunteered for communities that advocate
best practices for online safety. In the meantime, she enjoys writing blog
articles for Bora and exploring more about IT Security. 

Editor’s Note: The opinions expressed in this guest author article are solely
those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

SHARE THIS POST

Categories Featured Articles, IT Security and Data Protection

Tags intelligence, Phishing, Report, threat

--------------------------------------------------------------------------------

ABOUT TRIPWIRE GUEST AUTHORS



Tripwire Guest Authors has contributed 1,074 post to The State of Security.

View all posts by Tripwire Guest Authors

 * RSS
 * Facebook
 * Twitter
 * YouTube
 * LinkedIn




RECENT POSTS

 * NHS warns of scam COVID-19 text messages
 * What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
 * NIST SP 800-161r1: What You Need to Know
 * The actual cost of a breach – reputation, loss of customers, fines,
   suspension of business
 * Q1 2022 Phishing Threat Trends and Intelligence Report
 * Reexamining the “5 Laws of Cybersecurity”
 * Cyberthreat Defense Report 2022: Key Points You Should Know
 * Interpol arrests thousands of scammers in operation “First Light 2022”
 * Grooming lies and their function in financial frauds
 * Tripwire Products: Quick Reference Guide



TOPICS

   
   
   
 * ICS Security
 * Cloud
 * IT Security and Data Protection
 * Latest Security News
   
 * Regulatory Compliance
   
 * Government
   
 * Vulnerability Management

ABOUT

 * About
 * Contributors
 * Write for us
 * Privacy Policy
 * Tripwire.com
   

CONTACT US

US Headquarters
Tripwire, Inc. 308 SW 2nd Ave Suite 400
Portland, OR 97204

Direct: 503.276.7500

International Offices

SEARCH


 * RSS
 * Facebook
 * Twitter
 * YouTube
 * LinkedIn

 * © 2022 Tripwire, Inc. All rights reserved.