The first phishing attack was recorded in the mid-1990s and targeted America Online (AOL). Since then, threat actors have continued to create phishing campaigns that target individuals, small to mid-size businesses, and large companies.
Phishing uses social engineering to steal sensitive or confidential information such as login credentials, credit card numbers, and personally identifiable information. The threat actor masquerades as a trusted entity to dupe victims into opening malicious websites, emails, messages, and harmful links that lead to the installation of malware.
The APWG trend report
Recently, APWG released the Phishing Activity Trends report for the first quarter of 2021. It highlights that phishing activity remained at near-record levels. The January 2021 figures set a historical high with 245,771 recorded phishing websites, and 83% of the registered sites had SSL encryption enabled. Although the recorded numbers declined toward the end of the first quarter, the documented attacks in March 2021 still reached more than 200,000, and March is considered one of the disastrous months in the APWG’s history.
Financial institutions were targeted the most by this kind of attack in the first quarter of 2021, followed by social media, webmail, payment services, and eCommerce. The APWG continuously adds confirmed phishing attacks to its records. The provided data may be considered a baseline of the cyber-attacks taking place, as most attacks are not reported and added to the repository.
Business Email Compromise (BEC), The ageing report
The average cost of a wire transfer in BEC attacks increased from $48,000 in Q3 of 2020 to $85,000 in the first quarter of 2021. Attackers are leveraging Business Email Compromise (BEC) attacks in which the threat actor impersonates a company executive and requests a copy of the ageing report from the company’s Accounting Department. The ageing report contains the names, email addresses, and account records of customers with unpaid balances. The threat actor then uses the ageing report to target the victim’s customers, asking them to pay the overdue invoices to a different bank account number that the threat actor controls.
Threat actors frequently use phishing to obtain a foothold in a company’s network.
A company under attack could suffer reputational damage, business disruption, and loss of business value. To prevent phishing attacks, companies and users must be aware of the latest phishing campaigns. Additionally, users and organizations should follow the required protection steps to avoid phishing incidents.