By John LaCour | February 24, 2022

Hybrid Vishing attacks have increased 554% in volume, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Response-Based attacks such as these, combined with Credential Theft and Malware Delivery, collectively represent the top online attack vector targeting corporate users.

Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises, their brands, and their employees. The data in this post is intelligence collected through our Suspicious Email Analysis solution.

Threats in Corporate User Inboxes

Credential Theft

Credential Theft continues to be the dominant email threat targeting enterprises, contributing to nearly 52% of all email-based attacks despite a decline in share for two consecutive quarters.

Phishing links represent the vast majority of Credential Theft reports, making up 82% of attacks. Of those, nearly half target Office 365 specifically. In-network applications like Office 365 are highly sought after due to the broad range of data and applications made accessible if an account is compromised.

An additional 18% of all Credential Theft attacks were classified as Docuphish. A Docuphish is defined as a malicious document sent as an attachment which contains a phishing URL.

Response-Based Attacks

In 2021, Response-Based attacks increased consistently in share each quarter, demonstrating the continued effectiveness of socially-engineered attacks on unsuspecting users. In Q4, more than 50% of all Response-Based scams were 419 or “Nigerian Prince” scams. This is a slight decline in share from Q3.

Vishing attacks more than quintupled in share over the course of 2021, increasing 554% in volume. These hybrid threats contributed to more than 27% of all Response-Based threats, signaling a shift away from traditional Vishing tactics.

In these Vishing campaigns, threat actors use socially-engineered email lures to trick victims into calling a mobile number in the body of the message. When the victim calls the number, they are connected with a fake representative requesting sensitive information.
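The lure described above leaves a simple trace for mail triage: a phone number in the body sitting next to an instruction to call it. The following is an added detection sketch, not code from PhishLabs or the report; the phone-number pattern, verb list, context window, `known_numbers` allowlist and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Assumptions of this example, not findings from the report: NANP-style
# numbers, a short call-to-action verb list, and a 120-character window.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
CALL_RE = re.compile(r"\b(?:call|dial|phone|contact)\b", re.I)
WINDOW = 120

# Constructed sample messages (reserved test domain and fictional 555 numbers).
LURE = ("From: billing@example.test\nSubject: Renewal confirmation\n\n"
        "Your subscription was renewed for $349.99. If you did not authorize\n"
        "this charge, call our billing desk at +1 (202) 555-0147 today.\n")
INVOICE = ("From: ap@example.test\nSubject: Invoice\n\n"
           "Invoice 1234567890123 is attached for your records.\n")
HELPDESK = ("From: it@example.test\nSubject: Badge reset\n\n"
            "Please call the help desk at 202-555-0110 to reset your badge.\n")


def body_text(raw):
    """Return the text body (plain preferred, else HTML) of a raw message."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part else ""


def callback_numbers(raw, known_numbers=frozenset()):
    """Return unrecognised 10-digit numbers that sit next to a call request.

    known_numbers is a hypothetical allowlist (e.g. the corporate directory)
    used to suppress hits on the organisation's own published numbers.
    """
    text = body_text(raw)
    hits = []
    for m in PHONE_RE.finditer(text):
        number = re.sub(r"\D", "", m.group())[-10:]
        context = text[max(0, m.start() - WINDOW):m.end() + WINDOW]
        if number not in known_numbers and CALL_RE.search(context):
            hits.append(number)
    return hits


if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("invoice", INVOICE), ("helpdesk", HELPDESK)):
        print(name, callback_numbers(raw, known_numbers={"2025550110"}))
```

A hit is a triage signal rather than a verdict: legitimate mail from outside parties also asks recipients to call, so the returned numbers are best checked against reported-lure numbers or reviewed alongside sender reputation.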

Although effective and costly, BEC scams declined in share in Q4, representing just over 11% of all Response-Based threats. Job Scams and Tech Support scams contributed to 9.4% and 1.4% of reports, respectively.

Malware Delivery

Malware threats nearly tripled from Q3 to Q4, after heightened reports of Qbot and ZLoader attacks in user inboxes. These two families contributed to almost 89% of all payload activity in Q4, after experiencing a dip in volume the previous quarter.

Qbot was the top reported payload, representing 59.3% of reports. Qbot is a popular banking trojan that had a dominant presence in the first half of 2021. ZLoader had the second highest payload volume among known families in Q4, contributing to almost 30% of reports. ZLoader is a multi-purpose malware-as-a-service (MaaS) that has maintained consistently high activity since 2020.

Q4 also saw the return of the widely-distributed Emotet payload. Although reports of Emotet were minimal, these attacks were the first recorded since the crime family’s alleged dismantling in January 2021.

Phishing remained the most dominant attack method across all online threats in Q4. While Credential Theft continued to contribute to the majority of attacks, the dramatic increase in hybrid Vishing threats over the course of 2021 demonstrated how threat actors are evolving their tactics to enhance the success of campaigns.

To learn more, download the PhishLabs Quarterly Threat Trends & Intelligence Report (FEB).