"Hybrid Vishing Attacks Soar 625% in Q2"

Security researchers at Agari have found that detections of multi-stage phishing attacks known as “hybrid vishing” grew by over 600% from Q1 to Q2 2022, as fraudsters sought new ways to circumvent traditional security controls.  The researchers stated that hybrid vishing threats are multi-stage attacks that differ from traditional vishing by first interacting with the victim via email.  The researchers noted that the actor includes a mobile number within the email body as a lure, designed to trick the victim into calling and submitting sensitive information to a fake representative.  Vishing, or phone-based phishing attacks, comprised a quarter (25%) of the so-called “response-based” scams analyzed by the researchers.  Other types in this category were 419 scams (54%), business email compromise (16%), and job scams (5%).  The researchers stated that together, these response-based attacks now represent two-fifths (41%) of email threats, up 3.5% from the previous quarter and representing the highest share since 2020.  Credential theft (55%) and malware delivery (5%) round out the other types of corporate email threats.  The researchers stated that interestingly, nearly three-quarters (73%) of BEC attacks in Q2 were launched using free webmail services, a 3% rise on Q1 figures.  By contrast, those using spoofed or hijacked domains accounted for just a quarter (27%) of attack volume.  Gmail (72%) was the most abused email service.

Infosecurity reports: "Hybrid Vishing Attacks Soar 625% in Q2"