Types of phishing attacksAs cyber crime becomes a significant threat, cyber attacks take on different shapes and platforms. The most widespread type of phishing scam in 2022 was bulk phishing, with around 85 percent of companies worldwide experiencing it.
Cyber attacks that use mobile phones to deliver phishing are called smishing. In 2022, around three in four organizations worldwide reported having experienced this type of attack. In the same year, Peru had the highest share of users experiencing mobile phishing attacks with credential theft, followed by the Bahamas.
Another form of phishing, business e-mail compromise (BEC) attacks, was commonly detected in the Americas. These scams were primarily delivered in the form of luring.
In vishing attacks, also considered social engineering attacks, threat actors use phones to extract confidential information from victims. Seven in ten organizations reported experiencing vishing scams in the most recent measured period.
Which industries are targeted by phishing attacks?In the fourth quarter of 2022, financial institutions were the biggest target of phishing attacks, followed by software services, and webmail. Delivery services were also vulnerable to phishing attacks, as in 2022 over 27 percent of overall detected phishing attacks targeted these companies.
Regarding financial impact through phishing attacks, business and professional services and the media and entertainment sector had the highest losses.
In phishing simulations in worldwide organizations, the engineering sector showed the highest failure rate among other industries, followed by aerospace and mining.