Vishing Attacks Reach All Time High

Uploaded on 2022-05-24 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months. Vishing is a fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers.

This comes from the latest Quarterly Threat Trends & Intelligence Report from Agari and Phish Labs, which are part of the HelpSystems security software group. Their research hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands In Q1 2022.

The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.  
Vishing attacks have overtaken Business Email Compromise (BEC) as the second most reported response-based email threat since Q3 2021. 

By the end of the year, more than one in four of every reported response-based threat was a vishing attack, and this makeup continued through Q1 2022. 

“Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022,” said John LaCour, Principal Strategist at HelpSystems.  “We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks... In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative.”

Key Findings

  • Social media impersonation attacks are on the rise. Since Q2 2021, the volume of brand impersonations increased 339% and executive impersonations 273%. According to the findings, brands prove to be convenient targets for threat actors, especially when associated with retail counterfeit operations. However, for some unique attacks, executive accounts are preyed on to make the spoofs seem more realistic.
  • Credential theft email scams continue to be the most common email threat type reported by employees, contributing to nearly 59% of all threat types encountered. Credential theft reports increased 6.9% in volume from Q4 2021.
  • The malware landscape continues to be ever changing. Qbot was once again the payload of choice for threat actors attempting ransomware attacks, but Emotet reemerged in Q1 and was the second leading payload.
  • While nearly half of all phishing sites rely on a free tool or service for staging, Q1 2022 was the first quarter in five consecutive quarters where paid or compromised services (52%) outnumbered free solutions for the use of staging phishing sites.

As the variety of digital channels organisations use to conduct operations and communicate with consumers expands, bad actors are provided with multiple vectors to exploit their victims. Security teams should invest in partnerships that will ensure the swift and complete mitigation of attacks before they result in reputational and financial damage.

“Most attack campaigns are not built from scratch; they are based on reshaping traditional tactics and incorporating multiple platforms...  Therefore, to remain secure, it’s no longer effective for organisations to only look within the network perimeter. They must also have visibility into a variety of external channels to proactively gather intelligence and monitor for threats.' is the advice from Helpsystems. 

Phishlabs:      

You Might Also Read: 

The Big Cyber Security Threats That You Can Prepare For:
 

« Clearview Pays £7.5m For Illegally Storing Facial Images
Cyber Attacks On Ukraine Step Up The Pressure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Acunetix

Acunetix

Acunetix is a leading web vulnerability scanner, widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

RiskLens

RiskLens

RiskLens is a software company that specializes in the quantification of cybersecurity risk.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

MVP Tech

MVP Tech

MVP Tech designs and deploys next generation infrastructures where Security and Technology converge.

TrustGrid

TrustGrid

Trustgrid is a pioneer and leader in secure, cloud-native software-defined connectivity.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

Ridge Security

Ridge Security

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

NetScout Systems

NetScout Systems

NetScout assures digital business services against disruptions in availability, performance, and security.

NetBird

NetBird

NetBird combines a WireGuard-based overlay network with Zero Trust Network Access, providing a unified platform for reliable and secure connectivity.