The Anti-phishing working group, a not-for-profit industry association focused on eliminating the identity theft and frauds that result from the growing problem of phishing, crimeware, and e-mail spoofing, has released its Phishing Activity Trends Report for Q1 2022.
Highlights include:
- A total of 1,025,968 total phishing attacks, the highest total ever
- A 35% increase in attacks against the Financial Services industry
- A 7% increase in credential theft phishing against enterprise users.
- 23.6% of all attacks targeted the Financial Services industry
In addition to the increased volume, there was a marked increase in the value fraudsters attempted to streal with each successful business email compromise attack. Spearfishing attacks, in which fraudsters try to trick employees into sending money to an account they control, increased 69%.
“[APWG member] Agari found that the average amount requested in wire transfer BEC attacks in Q1 2022 was $84,512, an increase of 69 percent from Q4 2021’s average of $50,027,” the report said. “The higher Q1 2022 average was due to a 280 percent increase in requests for amounts greater than $100,000. In Q1 2022, 21.6 percent of wire transfer requests sought more than $100,00, versus just 7.7 percent in Q4 2021.”
The report also notes that financial institutions experienced increase attack volume due to criminal groups choosing to focus their efforts on that sector.
“Attacks against financial institutions have been on an upward trend over the past year, with attacks 75 percent higher than Abnormal observed in the first quarter of 2021,” the report said. “The main driver behind this growth appears to be an increased focus on financial institutions by the LockBit crime group, primarily on smaller accounting and insurance firms.”