Global Phishing Attacks Reach New Heights in 2021

In late February, the Anti-Phishing Working Group published its Q4 report that analyzes phishing attacks and other identity theft techniques that are reported by its member companies and industry experts. In the report, the group indicates that the number of phishing attacks has "more than tripled since early 2020," from 94,000 attacks per month to a record 316,747 attacks in December 2021. Throughout 2021, The number of phishing attacks per month steadily increased from a statistical average of about 180,000 attacks to 280,000 attacks per month.

The majority of these attacks targeted the financial sector (23.2%), followed closely by online software platforms (SaaS) and webmail (19.5%), and eCommerce/retail (17.3%). While the majority were executed by email (predominantly using GMail accounts), there were also a significant number of "smishing" (SMS phishing) and "vishing" (voice call phishing) attacks.

The report also notes that successful ransomware attacks were up 36% from October to December 2021 impacting a total of 4,200 companies, organizations, and government institutions. These attacks impacted all sectors, with manufacturing, retail, wholesale, and business services making up 45% of all attacks. 4% of these attacks impacted educational institutions. The majority of these attacks were in North America and Western Europe, tending to target companies with substantial revenue, more likely to pay the ransom.

The full report is available on the Anti-Phishing Working Group website at apwg.org. The 4Q findings suggest that people must be more diligent than ever when managing email messages, text messages, and phone calls that appear to be from legitimate sources on the surface. Be #BearAware about any message that requests personal information or makes some kind of brand-based offer that seems "too good to be true" - it likely is.

If you receive a message that seems phishy, forward it to abuse@baylor.edu for review by Baylor's IT security team and then delete it. If you ever have any questions about phishing or cybersecurity at Baylor, please contact HelpDesk+ in person on the garden level of Moody Memorial Library, by phone at (254) 710-4357, or by email at helpdesk@baylor.edu.

The Anti-Phishing Working Group is an international coalition that seeks to unify the global response to cybercrime across industry, government and law enforcement, and NGO communities. The group, founded in 2003, is comprised of over 2,200 member institutions and, according to its website, advises national governments; global governance bodies like the Commonwealth Parliamentary Association, the Organisation for Economic Co-operation and Development, the International Telecommunications Union; hemispheric and global trade groups; and multilateral treaty organizations such as European Commission, the G8 High Technology Crime Subgroup, the Council of Europe’s Convention on Cybercrime, the United Nations Office of Drugs and Crime, the Organization for Security and Cooperation in Europe, Europol EC3, and the Organization of American States.