Phishing remains the dominant attack vector for bad actors, growing 31.5% over 2020. Notably, attacks in September 2021 were more than twice as high as in the previous year.
This was revealed by PhishLabs Quarterly Threat Trends and Intelligence Report.
Other findings of the report, include how social media attacks have surged this year. In fact, since January, the average number of social media attacks per target climbed steadily, up 82% year-to-date.
In addition, the payment services industry continued to be the most targeted, but HR and recruiting experienced the steepest increase in attacks compared to the previous quarter.
The report also revealed that vishing, or voice phishing remains a popular vector. These incidents more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls.
Microsoft Office 365 users were urged to be aware, as attacks using Office 365 as a lure continue to plague businesses. In Q3 2021, 51.6% of all phishing attacks reported by corporate users, and aimed at credential theft, targeted Office 365 logins.
In Q3 2021, 51.6% of all phishing attacks […] targeted Office 365 logins.
In addition, according to the report, although a slim majority (51%) of phishing sites continued to be staged through a range of free services and tools, Q3 saw a slight shift away from this activity.
Personal identifiable informaiton (PII) is becoming increasingly available dark Web, the report says. The sale of PII accounted for 12%of Q3 incidents and was primarily made up of threat actors marketing employee email addresses to black market buyers.
The primary place to sell PII information is chat-based services (56%).
Finally, more than 75% of threats encountered on the dark Web were related to stolen credit and debit card data, the report revealed.
John LaCour, founder and CTO of PhishLabs, says as seasonal hiring ramps up for the holidays, the recruiting industry in particular needs to be aware of and better prepared to deal with online impersonation and other scams.
This content was originally published here.