Key Findings from the Quarterly Threat Intelligence and Trends Report

In today’s online landscape, it’s crucial for organizations to stay abreast of threats that put their businesses at risk. Agari and PhishLabs have put together their quarterly Threat Intelligence and Trends Report detailing their analysis of phishing and social media attacks this quarter. The report presents statistics regarding the volume of attacks, the tactics used by cybercriminals and the main targets of these attacks, documenting the changes since the last quarter. Below are the main findings of the report.

Total phishing site volume increased nearly 6% from the first quarter and remains stable, unlike the erratic spikes in activity that occurred in 2021. For the remainder of 2022, phishing volume is expected to grow steadily as criminals uncover weaknesses in businesses. lie and take advantage of their vulnerabilities.

Although financial institutions remain the top sector targeted with 42% of attacks, these attacks have decreased by more than 19% since 2021. The second most targeted sector is telecommunications, which suffers 23% of all phishing attacks. Social media accounted for 21% of overall volume, despite a slight decrease in attacks.

Phishing targeting professional users

Malicious emails increased in volume in the second quarter despite a slight decrease in the total share of emails, accounting for 6.8% of the total. Emails categorized as Do Not Engage increased in volume and share, accounting for 12% of emails reported by employees. These emails do not contain clear indicators of malicious intent, but are considered suspicious. Emails classified as no threat detected accounted for 81.3% of emails reported by employees, down slightly from the second quarter.

Credential theft attacks decreased by 4.2%, but still accounted for the largest proportion of email-based threats, at almost 55%. Response-based attacks that rely on social engineering tactics reached the highest volume and proportion since 2020, accounting for 41% of email scams. Malware delivery increased slightly and accounted for 4.5% of attack volume. Credential theft attacks targeting Office 365 accounts reached a six-quarter high in both share and volume, accounting for more than 58% of all credential theft phishing links.

In the second quarter, 54.2% of response-based email threats were advanced fee scams (also known as 419 scams), up 3.4% this year. BEC also increased, accounting for 16.3% of attacks. Hybrid vishing attacks hit a six-quarter high, a 625% increase since Q1 2021, accounting for 24.6% of threat-based responses. Despite a slight decline in share, overall vishing volume increased.

Emotet reports increased by 30.7% and accounted for 47.4% of malware payload volume, surpassing QBot at 42.8%. Bumblebee, first detected in March 2022, was the third most reported payload with 2.9% of all attacks. Emotet, disrupted and dismantled by the authorities in January 2021, has recovered and regained the payload status most often preferred by cybercriminals. Emotet operators are believed to be testing new tactics to gauge their effectiveness since its re-emergence in November 2021.

Abuse of free webmail accounted for 73% of BEC attack volume, while maliciously registered or compromised accounts dropped to 27%. The top vendor abused by cybercriminals in BEC attacks was Google/GMAIL, accounting for 71.7% of the total attack volume. Microsoft saw the largest increase in share, growing more than 6% to contribute 8.3% of BEC incidents.

Social media attacks increased by 20.3% compared to the first quarter (102% compared to the second quarter of 2021), with an average of nearly 95 attacks per company per month. Impersonation scams fell 6.1%, but still accounted for the largest share of social media threats at 40.7%. Fraud and cyber threats both rose to take second and third place. Data leaks have declined for six consecutive quarters and accounted for just 0.4% of social media threats in Q2, down from nearly 25% in Q1 2021.

Brand impersonation decreased 7% from Q1, accounting for 25% of social media attack volume, while executive impersonation increased to 15, 3% of social media attack volume. Brand and management presence on social media is an important factor in business success, and cybercriminals continue to take advantage of this by misusing company names and faces for their own purposes.

The financial sector accounted for more than 68% of social media attacks in the second quarter; national/regional banks take first place with 30.5%. Computer software was the only non-financial institution to see an increase in the share of attacks, up 0.7% to account for 13.4% of all abuses.

Credit and debit card fraud accounts for the largest share of all dark web incidents at 67.3%, up from 13.6%. The sale of corporate credentials accounted for 13.1% of dark web incidents, making it the second most common threat on the dark web despite a significant decline in share, followed closely by information consumer identification at 13%.

Financial institutions accounted for nearly 79% of dark web attacks (40.1% national/regional banks, 30.3% credit unions, 6.8% financial services). Telecoms and ISPs accounted for 8% of all dark web abuse, down 0.5% from their share. Staffing and recruiting, dating and retail also saw declines in share.

Cybercriminals use various avenues to market and sell stolen data. In Q2, 45.1% of stolen data listings were observed to be traded on chat-based services, an increase of 24.1% in share. Card Markets and Forums declined in share and accounted for 22.1% and 18.7% of the total, respectively, while Credential Markets increased by 1.1% in share to 13.3%.


Threat actors are taking advantage of new and uncommon methods to maximize the effectiveness of attacks. Phishing remains the top online threat, with monthly volume down slightly despite a 6% increase from the first quarter. Response-based email scams continue to rise, reaching the highest volume recorded since 2020. The hybrid vishing attacks seen in Q2 are a prime example of cybercriminals altering their tactics to circumvent security measures.

Malicious actors have targeted organizations more in the first half of 2022, increasing investment in new, non-traditional tactics in addition to generally reliable methods. It’s important that security teams invest in monitoring and protections that track threat trends as much as possible, partnering with technology vendors where necessary to protect against abuse.

About the Author: PJ Bradley is a writer on a wide variety of subjects, passionate about learning and helping others above all else. With a bachelor’s degree from Oakland University, PJ likes to use his desire to always understand how things work to write about topics that spark interest. PJ spends most of his free time reading and writing.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.

Analysis of previous reports

Q1 2022 Phishing Threat Intelligence and Trends Report

Comments are closed.