The newest Phishing Activity Trends Report from the APWG (Anti-Phishing Working Group) has revealed a concerning increase in phone-based phishing attacks, drastically changing the threat environment for cybercrime. These attacks, which use text messages and phone conversations, have grown unregulated over the last two years and accounted for more than 20% of all fraud-related assets discovered by APWG member OpSec in the first quarter of 2024.
The use of smishing (SMS phishing) and vishing (voice phishing) by fraudsters is on the rise. While smishing employs text messages to send receivers to phishing sites, vishing involves fraudsters calling potential victims directly. Hybrid phishing, which involves sending an email or text message asking the receiver to contact a given phone number, has also gained popularity. Scammers can use this direct communication to control victims in real time.
Phone-based phishing attacks, including vishing and smishing, have surged since 2021.
Vishing and smishing have significantly increased, according to OpSec, beginning in early 2021. The cybersecurity experts at OpSec attribute some of this increase to sophisticated email filtering systems that make it more difficult for scammers to contact victims via email. Phone calls, on the other hand, get past these filters and reach the users directly, giving scammers a more direct and effective way to interact with the victim—either by earning their trust or by confusing and frightening them.
Another APWG contributor, Fortra, has observed the same change. One significant development that was mentioned is the remarkable rise of hybrid vishing. In the first quarter of 2024, hybrid vishing accounted for 5.6% of Fortra’s engagements, a notable increase over previous years. Typically, an email claiming that a charge is fraudulent is sent out along with a phone number the recipient can call to have their money returned. A common brand used in these scams is Norton/LifeLock: Fortra recorded that 32% of hybrid vishing communications used this brand in Q1 2024.
Further, according to the APWG report, there were an astounding 963,994 phishing attacks in Q1 2024. The monthly attack rate steadied from June 2023 to March 2024 after reaching a peak in early 2023. Social media platforms accounted for 37.4% of all phishing attempts, while software-as-a-service and webmail providers came in second and third, respectively, with 21% of the attacks. As of Q1 2024, the percentage of phishing attacks targeting the financial industry had dropped to 9.8%.
According to APWG’s analysis, more complex scams are being made possible by the growing availability of high-fidelity voice and video samples, social media user profiles, and financial data that is sold on the dark web. The Secretary-General of the APWG, Peter Cassidy, stressed that a new era of cybercrime has begun. Cybercriminals now have access to technologies that were previously thought of as science fiction, which allows them to create undetectable spoofs. Customers and staff consequently have to doubt the legitimacy of their interactions constantly.
Strong defences and increased awareness are essential against the constantly changing cyber threats, as evidenced by the sharp rise in phone-based phishing attempts. The need to stay alert and informed about cybersecurity precautions cannot be overstated, especially as fraudsters continue to refine their methods.