Social Media Attacks Doubled in 2021 According to Latest PhishLabs Report

Posted on February 15, 2022

Financial Institutions Most Targeted Sector, Accounting for 68% of Social Media Attacks

MINNEAPOLIS – February 15, 2022 – Social media as a threat channel saw a two-fold increase in attacks throughout 2021, according to the latest Quarterly Threat Trends & Intelligence Report from PhishLabs by Fortra, the leading provider of digital risk protection solutions.

In Q4 and throughout 2021, PhishLabs analyzed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.

According to the findings, the number of social media attacks per target increased 103% from January 2021, when enterprises were experiencing an average of just over one threat per day. In December, enterprises averaged over 68 attacks per month, or more than two per day.

“2021 was another record-setting year for social media as a threat channel. Threat actors use social media to commit fraud, impersonate brands and executives, and launch a variety of cyber threats, forcing security teams to monitor a variety of platforms for activity targeting their enterprise,” said John LaCour, Principal Strategist at Fortra. “Financial Institutions were the most actively targeted by threat actors since their services are often used broadly across several business sectors.”

Additional Key Findings

  • Hybrid Vishing (voice phishing) attacks initiated by email increased 554% in volume from Q1 to Q4.
  • Phishing volume has grown 28% year-over-year, with half of all phishing sites observed in Q4 being staged using a free tool or service.
  • Malware delivered via email nearly tripled in Q4, led by a resurgence in Qbot and ZLoader attacks.
  • 70% of advertisements for stolen data took place on chat-based services and carding marketplaces in Q4.
  • The percentage of attacks targeting financial institutions increased from 33.8% in Q1 to 61.3% of all phishing sites observed in Q4.

“While threat actors continue to target high-value industries, they are also investing resources into exploiting ill-prepared organizations through platforms like social media,” said LaCour. “In 2022, enterprises must broaden their line of defense starting with strong, cross-channel monitoring, and building relationships with technology providers in new areas to quickly minimize the scope of threats targeting their organization.”

Additional Resources

To learn more about the report findings and what recent changes to the threat landscape mean for businesses, attend the live webinar at 2 PM EST today or watch on-demand.


About PhishLabs by Fortra

PhishLabs by Fortra is a cyber threat intelligence company that delivers Digital Risk Protection through curated threat intelligence and complete mitigation. PhishLabs provides brand impersonation, account takeover, data leakage and social media threat protection in one complete solution for the world’s leading brands and companies. For more information visit

About Fortra 
Fortra is a software company focused on helping exceptional organizations secure and automate their operations. Our cybersecurity and automation software protects information and simplifies IT processes to give our customers peace of mind. We know security and IT transformation is a journey, not a destination. Let’s move forward. Learn more at

PR Contacts:

North America:
Angela Tuzzo, MRB Public Relations
[email protected]

Lottie Hutchins, Touchdown
[email protected]
+44 (0) 7951065119

Recent News

A PhishLabs report by security writer Brian Krebs was featured in a CNET article warning web users about HTTPS security fraud on the Internet.

Founder and CTO of PhishLabs John LaCour spoke with FBI Special Agent Davey Ware at the RSA Conference in San Francisco to talk about how vishing attacks work to defraud victims of their money and

Half of all phishing sites now have padlocks, but are anything but secure

Originally published in BLEEPINGCOMPUTER


Charleston-based cybersecurity company is named a top employer in South Carolina.