Phishing trends in 2021

Now that a few months have passed, it is time for many security researchers to look back and distill trends from the data they gathered in the previous year.

For more than 10 years in a row, we see the prevalence and the impact of email related attacks growing.

The reason for that is surprisingly simple: phishing is both a very cheap and scalable attack method, while the possible rewards are very high.


Phishing volume grew with more than 30% in 2021

We saw both a rise in phishing websites as in the amount of phishing mails. Roughly 20% of all emails entering an organisation can be described as suspicious, and around 8% of the total volume was discovered to be directly malicious. It is of no surprise that the employee plays a critical role in an organisation’s defence strategy against security breaches. That means that user awareness and reporting suspicious emails is of the utmost importance:

Vishing attacks are growing exponentially

If phishing is fraud via email, vishing is fraud via telephone. An attacker who picks up the phone and calls the company pretending to be a client or a supplier in distress that needs to be helped immediately is a story that is becoming all too common. The number of vishing reports more than quadrupled in 2021. Security researchers predict this trend to continue in and expect organisations to receive more suspicious calls in 2022.
For an interesting write-up on how surprisingly easy it is to trick people on the telephone, look here: ).

Password Theft is still the main goal

If your goal is to gain access to corporate information, getting hold of an employee’s credentials is often the first step.
Analysis of billions of phishing emails, confirms that more half of those phishing mails request at least the username and password of the victim.
Be mindful of emails requesting you to log in. Always check, and double check the provided link:

Corona fraud

COVID-19 is still a prominent font of inspiration for attackers

Phishing is not really a technical attack. It’s more of a social attack, a form of ‘Social Engineering’. It preys on human weaknesses. That’s why many phishing scenario’s evolve around instilling fear, curiosity or a sense of urgency.

In this regard, the COVID-19 stays the dominant subject for email based attacks for the second year in a row.

Microsoft is the most impersonated cloud brand

To appear trustworthy, phishers and scammers try to create a feeling of familiarity and mimic known brands. As most companies have a Microsoft environment, it shouldn’t come as a surprise that phishing mails and landing pages are impersonating a Microsoft product.
On top of that, we saw that half of the phishing mails that are harvesting credentials, were targeting O365 accounts.