The Phishers Favorite Pond

In an effort to keep our customers up to speed on the latest trends when it comes to fraud detection and prevention, ThreatMark presents our phishing blog series: Don’t Take the Bait! Follow along as we take you through the holidays, the busiest time for fraudsters, and help you educate your customers on the most common phishing hooks that can easily be avoided.

We hope you enjoyed the holiday season and made it through the two biggest holidays of the year without any Santa scams. Last month, we detailed out a comprehensive article for you regarding the most common phishing scams to watch out for. Today, ThreatMark is speaking specifically to the most targeted pond in the industry: financial institutions.

Securing The Sector

Financial Institutions Beware

Attention all financial institutions: we are officially sounding the alarm on your behalf! Truth be told, financial institutions are the most heavily targeted sector for phishing fraudsters on just about any given day of the year.

So, what makes your industry so popular when it comes to phishing scams? In a nutshell, y’all have the most desirable fish! Phishing fraudsters prey on trusting individuals with social engineering tactics. What this means is they’re looking for a reputable brand they can counterfeit in an effort to cast what they trust will be perceived as a clean line. And what brand is more subconsciously saturated in any customer’s mental Rolodex with trust and integrity than their own personal financial institution? Phishers count on the fact that communication with victims that looks as though it’s coming from their financial institution will create a level of subliminal confidence that will effortlessly facilitate the scam. So, they send an email (one example) posing as you and asking your customers to update their account credentials. And voila! Your innocent customer has become a victim for no other reason than the fact that they trust you implicitly. Don’t you think you owe it to them to ensure that trust is protected and well-deserved? We’ll get to how to do that in a minute but for now, let’s talk data!

Financial Failure

2022 Phishing Stats

Where are we getting all our information? That’s a fair question to ask! ThreatMark receives data from APWG regarding industry-specific fraud trends in an effort to ensure our customers always stay aware and in the loop. For those of you who may not know, APWG measures the evolution, proliferation, and propagation of fraud by drawing on the research from their member companies and other industry experts. And here’s what they had to say about 2022 targeted phishing scams:

Q1 Summary Points:

  • In the first quarter of 2022, APWG observed 1,025,968 total phishing attacks. This was the worst quarter for phishing that APWG has ever observed, and the first time that the quarterly total has exceeded one million.
  • Most sectors saw a decrease in the overall number of ransomware attacks against them, but the Financial Services industry saw an 35% increase in the number of attacks during 1Q2022.
  • There was a 7% increase in credential theft phishing against enterprise users.
  • The impersonation of corporate executives on social media was an increasing observed business risk.
  • The financial sector was the most frequently victimized by phishing in Q1, with 23.6% of all attacks. Attacks against SaaS and webmail providers continued to be numerous. Phishing against cryptocurrency targets inched up to 6.6% of attacks.

Q2 Summary Points:

  • In the second quarter of 2022, APWG observed 1,097,811 total phishing attacks, a new record and the worst quarter for phishing that APWG has ever observed.
  • The average amount requested in wire transfer BEC attacks in Q2 2022 was $109,467, up from $91,436 in Q1 2022.
  • The healthcare and transportation industries suffered an increase in ransomware attacks.
  • Threats on social media continued to rise, with a 47 percent increase from Q1 to Q2 2022.
  • There has been an increase in mobile phone-based fraud, with smishing and vishing increasing in Q2 2022.

Protecting Your Pond

How To Guard Your Guppies

Phishing is a crime that targets innocent victims using both social engineeringand technical subterfuge (think malware)to steal personal data and financial credentials. In these scenarios, fraudsters prey on your customers by misleading them into believing they’re dealing with you. Deceptive email messages are designed to lead them to counterfeit websites that then trick them into disclosing financial data such as their usernames and passwords.

ThreatMark understands this and we are at the forefront of the phishing dock, with the Behavioral Intelligence necessary to keep your waters clean and your customers safe. Our Cyber Fraud Fusion Center (CFFC) provides the market leading expertise, tools, and threat prevention necessary to stop scams before they even reach your customers!

This post was first first published on TM News – ThreatMark’s website by Greg Myers. You can view it by clicking here