Vishing Attacks Reach All Time High

Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months. Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

This comes from the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs, which are part of the HelpSystems security software group. Their research analysed hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands in Q1 2022.

The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.  
Vishing attacks have overtaken Business Email Compromise (BEC) as the second most reported response-based email threat since Q3 2021. 

By the end of the year, more than one in four reported response-based threats was a vishing attack, and this makeup continued through Q1 2022.

“Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022,” said John LaCour, Principal Strategist at HelpSystems.  “We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks... In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative.”

Key Findings

  • Social media impersonation attacks are on the rise. Since Q2 2021, the volume of brand impersonations increased 339% and executive impersonations 273%. According to the findings, brands prove to be convenient targets for threat actors, especially when associated with retail counterfeit operations. However, for some unique attacks, executive accounts are preyed on to make the spoofs seem more realistic.
  • Credential theft email scams continue to be the most common email threat type reported by employees, contributing to nearly 59% of all threat types encountered. Credential theft reports increased 6.9% in volume from Q4 2021.
  • The malware landscape continues to be ever changing. Qbot was once again the payload of choice for threat actors attempting ransomware attacks, but Emotet reemerged in Q1 and was the second leading payload.
  • While nearly half of all phishing sites rely on a free tool or service for staging, Q1 2022 was the first quarter in five in which paid or compromised services (52%) outnumbered free solutions for staging phishing sites.

As the variety of digital channels organisations use to conduct operations and communicate with consumers expands, bad actors are provided with multiple vectors to exploit their victims. Security teams should invest in partnerships that will ensure the swift and complete mitigation of attacks before they result in reputational and financial damage.

“Most attack campaigns are not built from scratch; they are based on reshaping traditional tactics and incorporating multiple platforms...  Therefore, to remain secure, it’s no longer effective for organisations to only look within the network perimeter. They must also have visibility into a variety of external channels to proactively gather intelligence and monitor for threats,” is the advice from HelpSystems.
