New research has observed a steep rise in the year-to-date number of phishing attacks taking place on social media.

phishing attacks on social media

The study, PhishLabs Threat Trends and Intelligence Report, showed a leap of 31.5% in the level of attacks leveraged against users of Instagram, Twitter among other favourite social platforms.

September 2021 was noted as a particularly bad month, with phishing activity more than doubling in comparison with the same month last year.

John LaCour, Founder and CTO of PhishLabs, said:

“While we saw a drop early this summer in phishing volume, threat actors didn’t take the whole summer off. Attacks have been on the rise since July and surged in September. If these trends continue, many IT security teams will find themselves dealing with a deluge of threats over the holidays.”

Additional key findings included:

  • Social Media Attacks Skyrocket in 2021: Since January, the average number of social media attacks per target climbed steadily, up 82 percent year-to-date.
  • Vishing is Increasing: Vishing incidents more than doubled in number for the second consecutive quarter, suggesting a shift in tactics as threat actors seek to evade email security controls.
  • O365 Users Beware: In Q3, 51.6 percent of credential theft phishing attacks reported by corporate users targeted O365 logins.
  • PII Grows on the Dark Web, Leveraging Chat Services: The sale of Personally Identifiable Information accounted for 12 percent of dark web threats and was primarily made up of threat actors marketing employee email addresses to black market buyers. In 56 percent of PII sales, chat-based services were used to market the data.

LaCour added:

“The continued climb in social media threats makes it imperative that businesses prioritize visibility across platforms such as Twitter, Facebook, Instagram, and more. As seasonal hiring ramps up for the holidays, the staffing industry in particular needs to be prepared to deal with online impersonation and other scams,” says LaCour.