Vishing Attacks Reach All Time High

Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months. Vishing is a fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers.

This comes from the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs, which are part of the HelpSystems security software group. Their research analysed hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands in Q1 2022.

The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.  
Vishing attacks have overtaken Business Email Compromise (BEC) as the second most reported response-based email threat since Q3 2021. 

By the end of the year, more than one in four reported response-based threats was a vishing attack, and this makeup continued through Q1 2022.

“Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022,” said John LaCour, Principal Strategist at HelpSystems.  “We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks... In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative.”

Key Findings

  • Social media impersonation attacks are on the rise. Since Q2 2021, the volume of brand impersonations increased 339% and executive impersonations 273%. According to the findings, brands prove to be convenient targets for threat actors, especially when associated with retail counterfeit operations. However, for some unique attacks, executive accounts are preyed on to make the spoofs seem more realistic.
  • Credential theft email scams continue to be the most common email threat type reported by employees, contributing to nearly 59% of all threat types encountered. Credential theft reports increased 6.9% in volume from Q4 2021.
  • The malware landscape continues to be ever changing. Qbot was once again the payload of choice for threat actors attempting ransomware attacks, but Emotet reemerged in Q1 and was the second leading payload.
  • While nearly half of all phishing sites rely on a free tool or service for staging, Q1 2022 was the first quarter in five consecutive quarters in which paid or compromised services (52%) outnumbered free solutions for staging phishing sites.

As the variety of digital channels organisations use to conduct operations and communicate with consumers expands, bad actors are provided with multiple vectors to exploit their victims. Security teams should invest in partnerships that will ensure the swift and complete mitigation of attacks before they result in reputational and financial damage.

“Most attack campaigns are not built from scratch; they are based on reshaping traditional tactics and incorporating multiple platforms... Therefore, to remain secure, it’s no longer effective for organisations to only look within the network perimeter. They must also have visibility into a variety of external channels to proactively gather intelligence and monitor for threats.” is the advice from HelpSystems.
