Rise of phishing attacks continue in Q1 2021

Financial institutions, social media sites among most common targets

Rise of phishing attacks continue in Q1 2021

The rise in the number of phishing attacks globally continued in the first quarter of 2021 as the world continues to combat the COVID-19 pandemic, according to global organization Anti-Phishing Working Group (APWG).

The number of unique phishing web sites soared to 245,771 in January, an all-time high, according to the organization. It dropped to 158,898 in February but once again rose to 207,208 in March.

In comparison, this number was less than 100,000 in April 2020, and was at least 200,000 from August to December last year.

Attacks on web applications rose by 800 per cent in the first six months of 2020 compared to the same period in 2019, according to a report from CDN and cloud security provider CDNetworks.

"The APWG's members are reporting more confirmed phishing attacks," said Greg Aaron, senior research fellow at the APWG, and the editor of the new report. "There are, however, many more attacks that are not reported in our data repository. That means these numbers are the floor, and that the situation out on the Internet is worse than the mounting numbers indicate."

The number of unique phishing email subjects also hit an all-time high of 172,293 in January 2021 before falling to 112,368 in February and 39,918 in March.

In the same period, phishing attackers target financial institutions (24.9 percent), social media (23.6 percent and webmail/SAAS (19.6 percent) the most. Other common targets include eCommerce (7.6 percent), logistics and shipping (5.8 percent) and cryptocurrency (2.0 percent).

Business E-mail Compromise (BEC) scams are becoming more costly for some victims, according to the report. The average wire transfer request in BEC attacks increased to $85,000 in Q1 2021, up from $48,000 in Q3 2020.

Everyone must also be on the lookout for a new tactic being used by BEC scammers: the “aging report” scam.

“In a financial aging request, the scammer impersonates an executive and requests that someone in the target company send him a report that contains details about outstanding payments owed by the company’s customers, and the accompanying customer contact details,” read part of the Phishing Activity Trends Report - 1st Quarter 2021.

“While aging report BEC attacks have been around for more than a year, their volume was minimal until Q1 2021, when more than 10percentof all BEC attacks involved aging report requests.”

More than half (56 per cent) Canadian executives expect to increase their cyber budgets, according to a previous report, but just 34 per cent are really confident their cyber budgets are being assigned and spent correctly.