Phishing trends 2023
LinkedIn is used by more than 850 million people across more than 200 countries and regions. With so many people using the platform, it is the perfect target for email phishing attacks.
In Q1 of 2021, phishing emails using LinkedIn as cover were the most clicked-on social media mail, at 42%, ahead of Facebook at 20% and Twitter at 9%.
New starters that have changed their job status on LinkedIn are a key target. The criminals impersonate senior staff in their attempts to obtain personal information. Others will request employees to buy gift vouchers, such as those for iTunes, or call a given number to discuss important requirements for the job.
Since 2021, LinkedIn remains a major target for cyber criminals. In Q1 2022, LinkedIn was the most imitated brand globally, with 52% of identified phishing attacks purporting to be the platform.
Greater variance in attacks
A 2022 report on cybercrime rates highlights that cyber criminals are sending more emails in their campaigns. Of 1400 organisations surveyed, 80% believed it was likely they would suffer from an email-based cyber-attack.
79% reported an increase in the number of emails their organisation was receiving, including 33% who said they were receiving significantly more than in previous years. What is especially worrying is that 96% reported at least one phishing attack in the last year, with 52% believing these threats to be more sophisticated.
The increasing volume of phishing emails increases the likelihood of a successful attack. 92% responded that at least one business email had been compromised. 93% had experienced data leaks due to carelessness, negligence or compromised employee credentials.
The link between phishing and ransomware
The latest cyber security systems, such as SIEM, are able to proactively scan networks for signs of intrusion. As such, cyber criminals are developing increasingly sophisticated methods of delivery for malware.
Phishing is the main delivery method for ransomware. A 2022 study of 1400 organisations found that of the 26% that had experienced a ‘significant’ increase in the number of email threats received in the last year, 88% were victimised by ransomware. Compared with the 65% that experienced ransomware without such an increase in the number of email threats, we can see the dangerous link between these two attack types.
Phishing was a primary delivery method for the notorious REvil ransomware. IBM’s X-Force observed that REvil incidents in 2021 often started with a ‘QakBot’ phishing email. This email would have a short message pertaining to unpaid invoices or something similar, and in some instances, hackers would hijack ongoing conversations to insert a malicious link.
When opened, the target would be instructed to unknowingly enable the QakBot banking trojan to be dropped into a system. REvil threat actors could then take command of the operation, conducting reconnaissance and attempting to compromise data.