In 2020, the number of phishing attacks doubled, reaching an all-time high in January of this year, with 245,771 unique phishing sites detected in the same month. Although the number fell in February, in March the upward curve returned and exceeded 200,000 malicious sites. It is worth noting that from April 2020 to March 2021 there is a continuous upward curve in phishing activity.
24.9% of phishing attempts were recorded during the first quarter, followed by social networks with 23.6% and email service providers through websites with 19.6%.
Another element that grew was the number of emails with a total of 172,793 in the same month. In this case, after the peak in January, the number of emails fell to less than 50,000 in March.
On the other hand, the number of organizations whose image was used in these social engineering attacks exceeded 400 in each of the months of the first quarter of 2021, reaching 465 the number of brands used in phishing campaigns in March.
Phishing attacks targeting social network users went from 11.8% in 2020 to 23.6% during the first three months of 2021, with cybercriminals launching attacks with the aim of hijacking social network accounts to probably sell the accesses in internet markets. darkweb.
Lower in percentage, but worth mentioning, 7.6% of the attacks targeted e-commerce and 5.8% targeted logistics or parcel delivery services.
It confirms something that has been mentioned in several phishing campaigns analyzed in recent times in that it is no longer enough to verify if a site is safe or not by analyzing if it has HTTPS, since 83% of the sites detected used this protocol.
They are scams targeted by the finance departments of organizations and that use email to generally impersonate a trusted person, such as an employee of the organization itself or of a partner company, to request the sending of a money transfer. .
The average amount of transfers requested in the framework of this type of scam known as BEC in the first quarter of 2021 was $85,000, which represents a new all-time high. The average amount in the last quarter of 2020 had been $75,000. Finally, mention that social engineering attacks, mainly phishing, are responsible for 20% of the security incidents registered by Latin American companies during 2020.