In Q3, the volume of social media attacks targeting the average business was 40.4% higher than the same time last year, according to the latest data from Fortra’s PhishLabs. Social media attack volume has grown significantly year-over-year with the average business in 2022 experiencing 84.5 malicious incidents per month versus 50.59 in 2021.
Fortra analyzes hundreds of thousands of social media attacks every quarter to identify the top threats targeting enterprises, their brands, and their employees. In this post, we discuss the industries most prone to attack on social media, and the top threat types found on those platforms.
While malicious activity on social media has jumped year-over-year, businesses did see a decrease from Q2 to Q3, with September recording the lowest count of attacks per business for 2022. Despite the dip, the average organization still endured 10 malicious attacks more than they did the same time last year.
Top Threat Types
In Q3, Impersonation scams were the top threat type targeting businesses on social media, contributing to nearly 40% of share of total attack volume. This is despite displaying a decrease in activity over two consecutive quarters. Types of Impersonation include the purposeful spoofing of a brand, executive, or employee. Impersonation is incorporated into social media attacks to enhance the perceived legitimacy of the threat.
Cyber Threats, such as hacking, increased the most in Q3, growing 7% of share and surpassing Fraud as the second most encountered threat type. Cyber Threats contributed to more than 31% of attacks, marking the highest recorded share and incident count of the threat type since 2020.
Fraud attacks on social media dropped 5.9%, representing 28% of share of malicious activity in Q3. Despite the decrease, Fraud is consistently among the top three threat types on social media, where users are historically less cautious with their communications and, as a result, prone to deposit fraud and other financial threats.
Physical Threats and Data Leaks represented 0.9% and 0.4% of activity, respectively.
Attacks By Industry
Financial Institutions as a whole endured nearly three-quarters of all abuse on social media in Q3. National/Regional Banks, Other Financial Services, Cryptocurrency, Credit Unions, and Payment Services were targeted heavily, with almost every industry seeing an increase in malicious activity. The top threat types targeting Financials are Fraud, Cyber Threats, and Impersonation.
National/Regional Banks were the most targeting industry in Q3, contributing to 32.27% of share. National/Regional Banks historically experience the greatest extent of abuse on social media and saw a nearly 2% increase in malicious activity over Q2.
Other Financial Services, such as Investment Brokerages, claimed the second spot, representing 20.2% of share of volume. Attacks on Other Financial Services have grown quarter-over-quarter so far this year, increasing more than 2.5% in Q3.
Cryptocurrency rounded out the top three most abused, contributing to 9.4% of share of volume. Formerly in sixth place, Cryptocurrency experienced the largest increase in attacks among all industries in Q3.
Credit Unions experienced the only decrease in activity among financials in Q3, and accounted for 6.6% of attacks. Malicious activity targeting Payment Services grew in share and count, rounding up to nearly 6% of total volume.
Retail and Computer Software made up 9.3% and 8.4% of social media attack volume, respectively, and were the top non-financial institutions targeted. Both industries saw a decline in attacks in Q3.
Other industries targeted:
- Dating 4.3% (-0.8%)
- Telecom 1.1% (+0.7%)
- Staffing & Recruiting 0.7% (-0.7%)
As bad actors increasingly use social media to launch attacks, it is critical that security teams familiarize themselves with the types of threats targeting their organizations and the platforms they live on. The rapid nature of content sharing on social channels can impact an organization’s reputation swiftly, and security teams should have playbooks in place to address malicious activity targeting their brand and customers. It is particularly important to develop relationships with social media providers to expedite the removal of malicious activity.
Learn more about how you can protect against threats on social media with PhishLabs’ Social Media Protection.
