PhishLabs' Quarterly Threat Trends & Intelligence Report gives insights into what threat actors want from phishing. The company found that cryptocurrency and healthcare data are the two breakout assets cybercriminals are actively going after so far in 2021.
Phishing, the primary way in which threat actors steal credentials, hijack accounts, and compromise the security fabric of organizations, continues to rise in 2021. The total number of phishing threats in the first half of 2021 increased by 22% compared with the same period last year, according to the latest report by PhishLabs.
Social media has emerged this year as one of the fastest-growing attack vectors, rising 47% in the first six months of 2021. Fraud, impersonation, and cyber attacks are some of the major threats prevalent on social media.
Corporate breaches were also on the rise, but the biggest surge in phishing attacks was registered for cryptocurrency exchanges. Unsurprisingly, over 50% of phishing attacks on crypto were launched through social media, simply because the bulk of crypto activity, discussion, and communication happens on social networks.
"Bad actors continue to utilize phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on," said John LaCour, founder of, and CTO at, PhishLabs.
Findings from PhishLabs' Quarterly Threat Trends & Intelligence Report
Why is Cryptocurrency Being Targeted?
Well, it is pretty straightforward. Threat actors are after your money. Moreover, crypto is a high-growth sector, so the surge in cryptocurrency transactions and interest naturally attracted phishers. LaCour explains, "As they've gained prominence, crypto exchanges are being targeted with many of the same cyber threats that larger, more established financial institutions have faced for years."
Threat actors are impersonating cryptocurrency businesses to confuse customers. In fact, impersonation of a brand, an executive, or an account makes up 54.7% of all threats to cryptocurrency from social media.
Social Media Phishing Threats to Cryptocurrency | Source: PhishLabs
Attacks on cryptocurrency also increased 10 times from last year. In Q2 2021, attacks on crypto averaged a 13% increase over Q1 2021.
Which Industry Sectors Were Attacked the Most?
Much like cryptocurrency, payment services is also a new space on the block with a respectable growth rate. Most of the new age payment services come within the purview of the internet. This is why phishing attacks against payment services witnessed the highest growth in Q2 compared to Q1.
Hospitals and the healthcare sector in general have been in the spotlight for most of 2020 and 2021 owing to the COVID-19 pandemic. As such, the sector saw the second highest growth in attacks against it in Q2 2021, propelling it into the top 10 list from the #17 position previously.
| Position | Sector | % Change |
|---|---|---|
| 1 | Payment services | 561.80% |
| 2 | Broadcast Media | 112.50% |
| 3 | eCommerce | -19.7% |
| 4 | Telecommunications | -23.5% |
| 5 | Dating | -52.30% |
| 6 | Cryptocurrency | 13% |
| 7 | Computer Software | -49.20% |
| 8 | Banking | -10.20% |
| 9 | Trading Unions | 4.90% |
| 10 | Hospitals / Healthcare | 187.80% |
It is noteworthy that ecommerce, telecom, software, dating, and other sectors saw a fall in phishing attacks, yet are ahead of healthcare. PhishLabs anticipates that cryptocurrency businesses will continue to be aggressively targeted by phishers through social media in upcoming quarters.
How are Phishing Attacks Staged?
Phishers in H1 2021 relied on some popular staging methods, such as launching an attack from a compromised website, and tunneling services. The use of free methods such as free hosting, free domain registrations, and developer tools declined somewhat, although combined they still make up 62% of the total staging methods.
Additionally,
- Top-level domains were used in almost half of all phishing attacks
- The use of SSL certificates (HTTPS) declined slightly to 82% of phishing attacks. The rest of the attacks used non-HTTPS domains
- Domain Validated Certificates were slightly down in Q2, with 90.5% of phishing sites observed, while SSL Organization Validated Certificates increased 4.06%
What are Threat Actors Phishing For?
Most phishing attacks (63.5%) are carried out to steal employees' credentials for corporate resources. Accounts for suites such as Office 365 are among the most sought after, considering they provide access to a broad range of organizational data and applications. For credential phishing, a phishing link was used 78% of the time, with the remaining attempts containing a malicious attachment.
Incidentally, malware delivery via emails declined (3.5%). Response-based scams rose 2%.
Response-based scams such as business email compromise (BEC) are on the upswing. However, 419 scams, also known as advance-fee scams, held the top spot despite declining by over 10%. Vishing is also on the rise, now making up over 15% of response-based scams.
| Type of Response-Based Scam | % Share | % Change |
|---|---|---|
| 419 | 50.40% | -10.70% |
| BEC | 25.40% | 5.70% |
| Vishing | 15.90% | 9.60% |
| Job Scams | 5.20% | -2.50% |
| Tech Support | 3.10% | -2.60% |
The Biggest Social Media Threats
Businesses were subject to 50 attacks on social media per month, up 47% from 34 at the start of the year.
The biggest threats on social media are:
- Fraud, wherein an attacker deceives the target to carry out any sort of credential, financial, or sensitive information related activity without their consent. Fraud increased 23.7% and accounted for 45.6% of social media threats in Q2 2021.
- Impersonation, an activity where the attacker pretends to be a legitimate executive, or representative of a brand to make the target. Impersonation declined 8.7% and accounted for 21.8% of all threats.
- Cyber threat, a situation wherein a person's records are at risk of being hacked into by any means. Cyber threats also declined by 5.4% and accounted for 19.1% of all threats.
- The threat of data leaks makes up 13.2% of all threats. It decreased in Q2 2021 by 9.6%.
- Physical threats are the lowest at 0.3%
Closing Thoughts
Even as total phishing attacks increased by 22%, the H1 2021 trends more or less mimicked those from H1 2020. The exception was June 2021, when the number of phishing attacks actually declined compared to June 2020. While this may seem like a course reversal, it is still too early to ascertain whether the dip will continue for the whole year.
It is clear, however, that the three assets cybercriminals have shown a renewed interest in are cryptocurrency, healthcare data and corporate resources. The prudent approach here is to continue to have a strategic security plan in place and establish channels to receive up-to-date threat intelligence.