The first quarter of 2022 saw phishing attacks hit a record high, topping one million for the first time, according to data from the Anti Phishing Working Group (APWG).
The industry, law enforcement and government coalition’s new Phishing Activity Trends Report also revealed that March was the worst month on record for phishing, with 384,291 attacks detected.
The financial sector was the worst hit, accounting for 24% of all detected attacks, although webmail and SaaS providers were also popular targets.
Attacks spoofing retailers dropped 17% from the previous quarter to 15% following the busy holiday shopping season, while those against social media services rose significantly, from nearly 9% of all attacks to 13% over the same period.
In related news, security researchers released details this week of a major new Facebook phishing campaign that they believe may have targeted hundreds of millions of social media users.
Active since at least September 2021, the campaign scaled up significantly in April and May 2022, according to security vendor Pixm.
Users are tricked into entering their credentials into a legitimate-looking Facebook portal in order to view a video. With these, the threat actor hijacks the account and sends out more links to the victim’s contacts via Facebook Messenger.
These links are not blocked by Facebook because they are generated by legitimate services like glitch.me, famous.co, amaze.co and funnel-preview.com.
“This technique involves the use of completely legitimate app deployment services to be the first link in the redirect chain once the user has clicked the link. After the user has clicked, they will be redirected to the actual phishing page,” Pixm explained.
“However, in terms of what lands in Facebook, it’s a link generated using a legitimate service that Facebook could not outright block without blocking legitimate apps and links as well.”
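The redirect-chain pattern Pixm describes, as an added Python example that is not from the article or from Pixm: it takes an already-observed chain of URLs (constructed samples) and flags chains whose first hop sits on one of the app-deployment services named above and whose later hop imitates the brand on a host the brand does not own. The brand host list, the sample URLs and the function names are assumptions for this example.

```python
from urllib.parse import urlparse

# Services the article names as the first hop of the redirect chain. These
# are legitimate app-deployment hosts, so a link on them is not suspicious
# by itself; only the chain that follows it is.
APP_DEPLOY_HOSTS = {"glitch.me", "famous.co", "amaze.co", "funnel-preview.com"}

# Hosts the brand genuinely owns (assumed allow-list for this example).
BRAND = "facebook"
BRAND_HOSTS = {"facebook.com", "fb.com", "messenger.com"}


def hostname_of(url: str) -> str:
    """Return the lowercased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def on_service(host: str, services: set) -> bool:
    """True if host is one of the services or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in services)


def assess_chain(chain: list) -> dict:
    """Classify an observed redirect chain (list of URLs, first hop first).

    Flags the pattern Pixm describes: the link that reaches the user sits on a
    legitimate app-deployment service, and a later hop imitates the brand
    (brand name in host or path) on a host the brand does not own.
    """
    hosts = [hostname_of(u) for u in chain]
    first_on_deploy = bool(hosts) and on_service(hosts[0], APP_DEPLOY_HOSTS)
    lookalike_hops = []
    for url, host in zip(chain, hosts):
        if on_service(host, BRAND_HOSTS):
            continue  # genuine brand host, not a lookalike
        if BRAND in host or BRAND in urlparse(url).path.lower():
            lookalike_hops.append(url)
    return {
        "first_hop_on_deploy_service": first_on_deploy,
        "lookalike_hops": lookalike_hops,
        "suspicious": first_on_deploy and bool(lookalike_hops),
    }


# Constructed sample chains; these are not real indicators from the campaign.
SAMPLE_PHISH_CHAIN = [
    "https://video-share-demo.glitch.me/",
    "https://login-facebook-video.example.net/view",
]
SAMPLE_BENIGN_CHAIN = [
    "https://my-app.glitch.me/",
    "https://www.facebook.com/sharer.php",
]
```

A chain that never starts on an app-deployment host is still reported with its lookalike hops, so the same function can feed other phishing rules.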
Once the victim has entered their credentials into the phishing portal, they’re redirected to various landing pages, via which the threat actor can monetize the campaign.
“This revenue is generated from a combination of ad tracking tools on the landing pages, and the redirects after a user enters their credentials on the phishing page,” Pixm said.
“These pages will typically route to a malvertising or advertising page prompting additional interaction from the user, which the threat actor collects referral revenue from.”
At least 8.5 million users have visited the phishing portal so far in 2022, illustrating the continued success rates that such attacks can generate.