The Weekly Breach Breakdown: A Phish Tale – The Surge in Recent Phishing Attacks

• According to a new report by Vade, an email security company, recent phishing attacks are rising. It is primarily because of the decrease in ransomware due to the war in Ukraine and the collapse of cryptocurrency
• Through the first half of 2022, 34 percent of all unique phishing attacks impersonated financial services brands. The most popular days to send phishing emails are Monday through Wednesday. Less than 20 percent are sent on weekends.
• Phishing attacks are as sophisticated as ever because criminals have an arsenal of tools to manipulate end users and evade email security.
• To learn about data compromises, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) improved data breach tracking tool, notified.
• If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website idtheftcenter.org.

A Phish Tale

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for August 5, 2022.  Each week, we look at the most recent events and trends related to data security and privacy. This week, we go phishing. Not the kind where you use a boat; the kind of cyberattack that is making something of a comeback. Phishing, in all its forms, has never really gone away – but who doesn’t love a good phish tale? We discuss the surge in recent phishing attacks.

Ransomware on the Decline – Recent Phishing Attacks on the Rise

With ransomware attacks down this year because of the war in Ukraine and the collapse of the cryptocurrency markets, identity criminals are stepping up their use of some other methods of tried and true ways of stealing information – namely phishing attacks and the use of spoofed brands.

Vade Report Highlights Increase in Recent Phishing Attacks

Email security company Vade tracks phishing emails and published a report that shows attacks using the Microsoft brand increased 266 percent in the first half of this year compared to 2021. Fake Facebook messages were up 177 percent.

Through the first half of 2022, 34 percent of all unique phishing attacks impersonated financial services brands. Google, Adobe, WhatsApp and Instagram joined Microsoft and Facebook as a major tech lure for phishing attacks.

The most popular days for sending phishing emails? That’s between Monday and Wednesday, according to Vade. Less than 20 percent of malicious emails are sent on the weekend.

Phishing Attacks are More Sophisticated Than Ever Before

The report concluded that:

“Hackers have an arsenal of tools at their disposal to manipulate end users and evade email security, including phishing kits that can identify when they are being scanned by a vendor and trigger benign webpages to avoid detection. End users need to be continually trained to identify the latest phishing techniques,”

– Adrien Gendre, Chief Tech and Product Officer, Vade, in an email to trade publication Threatpost.

How Companies Absorb Unbudgeted Costs from a Data Compromise

One last item as a follow-up to last week’s episode where we explored IBM’s annual report on the cost of data breaches. The price is up in case you missed the episode. However, there was one stat we didn’t get to address. One question this year’s report tackles is what companies do to absorb or recover the unexpected and unbudgeted costs created by a data compromise.

According to the 2022 report, 60 percent of the companies raised their prices. However, 40 percent did not raise prices when faced with recovering from a data breach. With the average U.S. data breach costing $9.44 million, that can be a healthy jump in prices for customers.

Contact the ITRC

If you think you have been the victim of a recent phishing attack, data breach or other identity crime, visit our website www.idtheftcenter.org. You can also speak with an expert advisor on the phone (888.400.5530), chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). 

Later this month, we’re going to publish a new report for the first time that looks at overall identity trends, followed in September by our Consumer Impact Report that focuses on identity crime impacts on individuals. In October, we’ll publish our report on how small businesses are impacted by identity crimes and cyberattacks.

Be sure to join us next week for another episode of the Weekly Breach Breakdown.