The pandemic sent workers home to work, and online criminals have been quick to take advantage of that mass migration. Phishing attacks are now at a record high, with incidents in the first quarter breaching 1 million for the first time, according to a report released Tuesday by the Anti-Phishing Working Group, which has been tracking the online crime since 2003.
Phishing attacks, in which fraudsters send email messages designed to gull unwary recipients into divulging passwords or other critical security details, totaled 1,025,968 in the March quarter, “the worst quarter for phishing the APWG has ever observed,” the group said in the report. The total for March, at 384,291, was the highest monthly total the group has seen in its reporting history, according to the report.
These record highs follow a very recent trend. The previous all-time high for a single quarter came only in the October through December period last year, at 888,585 attacks, the APWG said.
Much of the impetus behind the explosion in phishing stems from the opportunity to victimize recipients who are sitting at a kitchen table rather than at a desk at the office, says Peter Cassidy, secretary general of the APWG. “That’s definitely a big part of it,” he tells Digital Transactions News. “As soon as workers migrated to their home, their guard would be down.”
Another part of the problem is that home computers are generally less protected than those executives might use at the office, where corporate security rules typically apply. “The bad guys appreciated that,” Cassidy says.
Even bankers can be unwary. Perhaps unsurprisingly, the financial industry sustained the highest percentage of attacks, accounting for 23.6% of them in the first quarter, according to the APWG statistics. The targets of online criminals “might be the comptroller for a bank,” Cassidy says. “That’s the moment they can take advantage of a guy relaxing in the kitchen on their laptop.” Retail e-commerce registers at 14.6% of attacks, while crypto accounted for 6.6%. Payments in general accounted for 5% of attacks.
A proliferation of organized phishing groups, along with an increase in the variety of attack vectors, also account for the record-setting levels of phishing attacks, Cassidy says.
If there’s any good news in the latest APWG report, it lies in the fact that the group found a decrease in the level of ransomware attacks. These attacks, in which online criminals encrypt their targets’ data and demand payment for the decryption key, fell 25% in the first quarter year-over-year, according to the report.
But while most industries saw a decline in these attacks, the financial-services sector was an exception. Here, attacks grew 35% in the quarter. “Attacks against financial institutions have been on an upward trend over the past year, with attacks 75 percent higher than Abnormal observed in the first quarter of 2021,” the report notes. Abnormal Security, which tracks ransomware attacks, is an APWG member company.