Social media attacks targeting enterprises have increased 105% from Q1 2021 to Q1 2022, according to Agari and PhishLabs’ latest Quarterly Threat Trends & Intelligence Report. Social media threat volume has consistently climbed quarter over quarter, as threat actors increasingly use social platforms to target business via fake pages, messaging, and advertisements.
Every quarter, Agari and PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises, their brands, and their employees. Below, we break down the top threat types on social media targeting Agari and PhishLabs’ clients and industries most impacted.
The growing number of businesses using social media to build their brands has cultivated an environment ripe for abuse. Illegitimate images and communications can be shared swiftly to a broad audience, many of whom are negligent in their security vigilance.
From Q4 2021 to Q1 2022, social media attacks targeting organizations have increased more than 27%. Today, the average organization can expect to experience nearly 81 social media attacks per month. These numbers do not include the substantial volume of reputation-oriented social media posts targeting businesses during the same time period.
Top Threat Types
In Q1, Impersonation attacks surged nearly 20% of share to represent 46.8% of all social media threats. Impersonation attacks have now increased for three consecutive quarters. Q1’s increase in volume pushes Impersonation attacks to the top spot, unseating historical leader Fraud as the preferred threat type on social media. Fraud represented 28.3% of all social media attacks after experiencing a 14% decline in volume from Q4 to Q1.
Cyber threats (for example, hacking) contributed to nearly 24% of all social media attack volume in Q1 after experiencing a 3.9% decrease in attacks. Data Leaks and Physical Threats were largely insignificant, representing 1% and 0.4% of all attack volume, respectively.
Top Targeted Industries
The Banking industry was targeted most on social media in Q1, contributing to more than 30% of attack volume, despite experiencing a decrease of 7.2% in share from Q4. Banking is consistently targeted by bad actors on social media to conduct fraud.
Threat actors continue to turn their attention to Retail to impersonate and capitalize on businesses that are increasingly using social channels to build brand awareness and engage with customers. Attacks on Retail increased in Q1, contributing to nearly 14% of total attack volume and moving the industry to the second spot.
Computer Software and Other Financials also experienced increased abuse in Q1, representing 12.7% and 10.8% of total attack volume, respectively. Social media attacks on Credit Unions declined slightly, contributing to 8.9% of abuse.
Dating, consistently among the top five targeted industries throughout 2021, moved to the sixth spot after experiencing a nearly 5% decrease in share in attacks.
Other industries abused:
- Payment Services 6.4% (-6.3%)
- Cryptocurrency 4.4% (-0.3%)
- Staffing & Recruiting 1.8% (+0.8%)
- All Others 3.6% (-)
In order to protect against attacks on social media, organizations should proactively monitor for threat types specific to their industry across a broad range of platforms. Additionally, security teams should familiarize themselves with the policies and procedures for removing suspicious content from relevant social media sites in order to ensure swift mitigation once a threat has been identified.
To learn more, download the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report (May 2022).
