By John LaCour | March 1, 2022
Social Media attacks targeting enterprises increased 103% in 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report. Social Media is rapidly becoming the threat channel of choice for criminals. The rapid expansion of consumer/business relationships through social platforms, coupled with less refined and controllable online security measures, makes social media a prime target for threat actors.
Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises, their brands, and their employees. In this post, we analyze social media attacks targeting PhishLabs’ clients to better understand the top threat-types and industries most impacted.
In addition to the high volume of reputational threats targeting organizations, on average, PhishLabs’ clients experienced one social media threat per day in January 2021. By December, organizations were targeted more than twice each day, representing a two-fold increase over the course of the year.
Top Threat Types
In Q4, Fraud represented the majority of social media threats, contributing to 42.3% of all attack volume. Despite experiencing a 1.1% decrease in share, Fraud-related scams such as the exposure of banking details or account credentials continuously make up the greater share of malicious incidents on social media.
Cyber Threats (such as hacking and the sale of exploits) increased in share in Q4, contributing to just over 27% of Social Media attacks. Impersonation experienced a similar increase, representing more than a quarter of total threat volume. Common examples of Social Media Impersonation are accounts that falsely represent brands, executives, and employees.
Data Leaks (credentials or proprietary information) and Physical Threats represented 2.8% and 0.3% of all Social Media attacks, respectively.
Financial-related businesses were targeted with the lion’s share of Social Media attacks in Q4. The industries most impacted included Banking, Payment Services, Credit Unions, and Other Financial Services, which as a group contributed to more than 63% of attack volume. Financials are highly targeted because their services are used broadly across several business sectors.
Banking was the most targeted industry in Q4, representing 38.1% of total threat volume. Payment Services came in second, despite experiencing a more than 16% decrease in share from Q3.
Outside of Financials, Dating Services experienced an increase in attacks in Q4. Dating contributed to 11.7% of attacks and has consistently remained among the top five industries targeted on Social Media throughout 2021.
Retail businesses also experienced an increase in Q4, representing 7.8% of all Social Media attacks and moving the industry from the tenth most targeted, to the fifth.
Additional Industries Targeted:
- Computer Software 6%
- Cryptocurrency 4.6%
- Energy 1.5%
- Others 5%
The volume of Social Media threats roughly doubled throughout the course of 2021 when measured in terms of the number of average attacks individual organizations experienced each month. This increase was largely driven by attacks on Financial Services Industries, where Banking alone experienced an 11.5% increase in share.
To proactively protect against malicious activity on Social Media, security teams should prioritize the identification of threat types relevant to your organization and build strong relationships with social media providers to maintain multiple takedown methods.
To learn more, download the PhishLabs Quarterly Threat Trends & Intelligence Report (FEB).