"Smishing and Vishing Attempts Surged in 2021"

Security researchers at Proofpoint found that SMS phishing (smishing) attacks more than doubled year-on-year in 2021 as cybercriminals looked to exploit human error to compromise devices.  The researchers conducted a study analyzing over 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts, 1.7 billion mobile messages, and many other data points.  The researchers stated that the increase in smishing could be down to changing personal habits: as most consumers now use their personal devices for work, cybercriminals have spotted a “two-for-one” opportunity.  The researchers also saw a surge in telephone-based threats, such as tech support scams and vishing attempts to distribute malware to users’ computers or devices.  The researchers noted that there is a continued threat to organizations from their supply chains.  Over 80% of businesses are attacked by a compromised supplier account each month, the researchers warned, adding that organizations should improve security awareness training around these specific threats.  The researchers also warned of the risk to organizations from attacks targeting privileged users.  The researchers found that although they comprise just 10% of users, managers and executives account for nearly half of attacks or “severe risk.”  Similarly, departments that deal with sensitive information like human resources (HR) or finance are more likely to be targeted.

Infosecurity reports: "Smishing and Vishing Attempts Surged in 2021"