
By John LaCour | September 16, 2021

Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises to identify key trends in the threat landscape. In this piece we take a look at phishing volume, industries targeted, and how attacks are being staged.

2021 Phishing Volume

High-volume phishing campaigns have contributed to dramatic fluctuations in attacks over the course of 2021. Overall, total phishing sites in H1 2021 have exceeded H1 2020 reports by 22%. Phishing volume did experience an uncharacteristic decrease in June, with almost 15% fewer attacks when compared to June of last year.

[Figure: Total Phishing Sites by Month, from PhishLabs' Quarterly Threat Trends & Intelligence Report]

Top Targeted Industries

The top 6 targeted industries saw 99% of all phishing attacks this quarter. The most targeted included:

  1. Financial Services
  2. Social Media
  3. Telecommunications
  4. Webmail & Cloud Services
  5. Ecommerce
  6. Dating

The Financial Services Industry was targeted most this quarter, accounting for 49.1% of phishing attacks. Social Media experienced a decrease of almost 20%, falling to second place after leading all other industries in Q1.

Notably, industries that commonly provide a Single Sign-On (SSO) service for secondary accounts, such as Social Media, Webmail & Cloud Services, and Ecommerce, were all highly targeted, representing 45% of phishing attacks. This is a 5% increase from last quarter. It highlights the high value threat actors place on SSO, as compromising one account may give criminals access to a variety of resources. SSO has recently been added to CISA’s catalog of bad practices.

Staging Methods

[Figure: Staging Methods, from PhishLabs' Quarterly Threat Trends & Intelligence Report]

Compromising legitimate websites continues to be the single leading method of staging phishing sites. This quarter, compromised sites contributed to 27.2% of all phishing sites, representing a slight increase in share from Q1.

Notably, 62% of phishing sites abused free tools and services. Within the group, Tunneling Services contributed to the majority, making up 24% of all no-cost cases. This was a 13.1% increase from last quarter and can be attributed to social media threat actors shifting from free domain registrations to tunneling services.

Both Free Hosting Services (16.6%) and Free Domain Registrations (11.8%) declined in share from Q1; however, they remained leading staging methods among the free services used.

Paid Domain Registrations (10.8%) and Developer Tools (1.4%) experienced a decrease in Q2, whereas URL Shorteners grew 3% in share and were responsible for 8.2% of phishing sites.

While phishing volume experienced dramatic highs and lows this quarter, attacks continue to exceed last year. Threat actor abuse of free tools and services to stage these attacks continues to grow, and industries that use SSO are increasingly a preferred target.

To learn more about these trends, and what security teams can expect, download the Quarterly Threat Trends & Intelligence Report.