Phishing emails are seeing a huge rise, so stay on your guard

(Image credit: wk1003mike / Shutterstock)

Small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyberattacks as their numbers have grown explosively over the last year, experts have warned.

A report from Cofense analyzed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022. 

Reports related to credential phishing were up 478% last year, as well.

Emotet and Quakbot

When crooks are not phishing for login credentials and other identity data, they’re trying to distribute ransomware and other forms of malware. 

Emotet and QuakBot remain the two malware families that are being distributed the most, the researchers said, adding that the number of malware attacks rose 44% year-on-year. Emotet is particularly impressive, they say, as even after months of inactivity, this botnet managed to out-scale all other malware delivery campaigns with relative ease.

For Tonia Dudley, Vice President and Chief Information Security Officer at Cofense, these threats increased in frequency, intensity, and sophistication, warranting a swift response from IT teams. “The increase in nation-state attacks and major incidents overall continues to apply pressure to drive visibility of an organization’s security program by boards, corporate executives and cyber insurers,” Dudley said. “With this pressure, organizations must continue to evaluate ways to mitigate risk and assess what email security controls need to be added or enhanced to raise their overall security posture.” 

Cofense also says organizations should keep both eyes open for Business Email Compromise (BEC) attacks, as this type continues being “one of the top cybercrimes” for the eighth year in a row.

Finally, Web3 technologies used in phishing campaigns increased by more than three-fold (341%), while the number of Telegram bots used as exfiltration destinations increased eight times (800%).

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.