
By John LaCour | November 23, 2021

Phishing attacks targeting consumers during 2021 have increased nearly 32% from 2020, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. While trends have been erratic, multiple spikes in activity continue to make phishing the most dominant attack method on the threat landscape. Threat actors are experimenting with a variety of tactics to target enterprises with these attacks, and email continues to be the primary vector for distributing lures.

Every quarter PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises. In this post, we break down the increasing phishing volume targeting brands and their customers.

Phishing Trends Continue to Outpace 2020

To date, the total number of malicious sites identified outpaces 2020 by almost 32%. Q3 2021 in particular experienced the greatest increase, with volume increasing 60% compared to the same time last year. The most significant spike in activity occurred in September, when phishing volume more than doubled (118%).

This increase may be attributed to a number of new targets emerging, such as cryptocurrency exchanges, online gaming sites, and various retailers.

Top Targeted Industries

The top six industries targeted by phishing attacks experienced recognizable fluctuations in Q3 despite retaining their order from the previous quarter. Financials experienced the biggest increase in attacks and were targeted 55% of the time, making them the most attacked industry.

Within the group, National Banks were attacked 92% of the time, after experiencing a 34.7% increase in Q3. Phishers heavily target National Banks due to the high degree of certainty that a spoofed email will reach a legitimate customer using those particular services rather than the customer of a smaller credit union or payment service.

Social Media businesses retained the second spot among all industries, despite experiencing an 11.9% decrease in phishing. Attacks targeting Social Media sites have been on the decline since Q1, when Social Media was the top targeted industry.

Other Top Targeted Industries:

  • Telecommunications 7.4%
  • Webmail & Online Services 5.1%
  • Ecommerce 1.1%
  • Dating 0.4%

Site Staging

Threat actors relied on a variety of methods to stage phishing sites in Q3. Notably, many moved away from free tools and services, choosing instead to use compromised sites and paid domain registrations to stand up attacks.

All five categories of free tools and services experienced a decrease in activity:

  • Tunneling 21% (-3%)
  • Free Hosting 15% (-1.6%)
  • Free Domain Registrations 8.1% (-3.7%)
  • URL Shorteners 6% (-2.2%)
  • Developer Tools 0.8% (-0.6%)

While free methods as a whole still accounted for the slim majority of abuse (51%), Compromised Sites were used 8% more in Q3, accounting for 35.3% of attacks. Paid Domain Registrations also increased.

Domain Abuse

In Q3, over 65% of all phishing attacks used legacy generic top-level domains (gTLDs). Of that sample, more than half were using .com, up 15.2% from last quarter. Threat actor use of the country code TLD (ccTLD) .ca also increased, making up 10.3% of the total TLDs abused.

Notably, free domains .tk, .ml, .cf, .ga, and .gq were absent for the second quarter in a row. Also absent from the top 10 were ccTLDs .mx, .uz, .monster, and .ae.

Spikes in phishing attacks throughout the year indicate Q4 will likely continue to trend up. In order to protect enterprises from these threats, security teams should invest in resources to proactively detect attacks originating from a broad variety of methods.

To learn more, download our Quarterly Threat Trends & Intelligence Report.