Logo {!-- --}

Alarming jump in phishing attacks

PhishLabs Threat Trends and Intelligence Report show attacks grow 31.5% year-to-date over 2020, with social media attacks continuing to climb; September more than doubles its phishing activity over the same month last year.

PhishLabs by HelpSystems, the leading provider of Digital Risk Protection solutions, has released their Quarterly Threat Trends and Intelligence Report. Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020. Notably, attacks in September 2021 were more than twice as high as the previous year.

“While we saw a drop early this summer in phishing volume, threat actors didn’t take the whole summer off. Attacks have been on the rise since July and surged in September. If these trends continue, many IT security teams will find themselves dealing with a deluge of threats over the holidays,” says John LaCour, Founder and CTO of PhishLabs.

Additional key findings of the PhishLabs Quarterly Threat Trends and Intelligence Report include:

1.Social Media Attacks Skyrocket in 2021: Since January, the average number of Social Media attacks per target climbed steadily, up 82 percent year-to-date.

2.Vishing is Increasing: Vishing incidents more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls.

3.O365 Users Beware: In Q3, 51.6 percent of credential theft phishing attacks reported by corporate users targeted O365 logins.

4.PII Grows on the Dark Web, Leveraging Chat Services: The sale of Personally Identifiable Information accounted for 12 percent of dark web threats and was primarily made up of threat actors marketing employee email addresses to black market buyers. In 56 percent of PII sales, chat-based services were used to market the data.

“The continued climb in social media threats makes it imperative that businesses prioritise visibility across platforms such as Twitter, Facebook, Instagram, and more. As seasonal hiring ramps up for the holidays, the staffing industry in particular needs to be prepared to deal with online impersonation and other scams,” says LaCour.

PhishLabs analysed and mitigated hundreds of thousands of attacks targeting enterprise brands and employees in the Q3. The report uses this intelligence to determine key trends shaping the threat landscape.


Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
73% of organizations lack automated patch management, and 62% experienced incidents involving exploitation of a vulnerability for which a patch was available but had not yet been deployed.
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to help secure, isolate and recover data from a ransomware attack.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Palo Alto Networks has introduced Prisma® Cloud 3.0, said to be the industry’s first integrated platform to shift security left—significantly improving organizations’ entire cloud security posture by reducing security risk at runtime.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.