Research reveals exploding external attack surface for businesses, with fraud campaigns at highest levels since start of pandemic
While not yet in our collective rear-view mirror, the pandemic has solidified a digital-first mindset that’s resulted in the explosive growth of digital-based services. And online fraudsters have taken notice. Here at Bolster, we’ve been tracking phishing and scam attempts for over three years, and as we explore in our 2022 State of Phishing and Online Fraud Report, the data shows with no uncertainty how the pandemic has impacted digital adoption and cyber fraud.
In total, our research revealed more than 10.5 million phishing and scam pages in 2021. This represents a more than 1.5x increase over 2020 levels, and a 2.5x increase over 2019 levels.
Figure 1. Global phishing & scam data: 2020 vs. 2021
Bigger Online Brands = Bigger Targets = Bigger Attacks
People, many for the first time, are working and studying from home, while realizing the convenience of digital services they’d never previously used. Adoption of digital services like meal delivery, curbside grocery pickup, gaming, and streaming media has soared during the pandemic. The heightened demand has raised the profile of many digital brands and, as a result, exposed many of them to fraud.
Brands across virtually all industry verticals are at risk of fraud. But as we explore in our 2022 State of Phishing and Online Fraud Report, the risk more than doubled in 2021 for retail and social networking brands, more than tripled for e-commerce brands, and more than quadrupled for SaaS, communications, gaming, and streaming brands. Perhaps unsurprisingly, significant upticks were observed in particular for digital stalwarts Adobe, Amazon, Facebook, and Netflix.
Figure 2. Top brands phished: 2020 vs. 2021
The risks to online brands remain unchecked. The growing number of digital touchpoints between customer and online brand is fueling an expanded attack surface spanning web properties, social media platforms, app stores and marketplaces. The volume, proliferation and sophistication of attacks are driving renewed thinking around brand protection, specifically what a modern brand protection program should look like. And in many cases, businesses are tapping their InfoSec teams to implement it. In fact, in a recent webinar, Jake Williams, Senior Instructor at the SANS Institute, didn’t mince his words when he declared that ‘brand protection IS an InfoSec problem’.
Follow the Trends: Bolster Global Fraud Index
As a companion to our 2022 report, we’ve also introduced a new dashboard on bolster.ai featuring our recently introduced Bolster Global Fraud Index. The index is derived from monthly fraud measurements, indexed to January 2020 levels (value = 1000) to generate a 24+ month trend line for online fraud. In this manner, we're able to measure relative changes to global risk month over month. And by indexing the data to January 2020 specifically, before the world went sideways (and remote), we're able to observe the effects that both COVID and the resultant digital transformation efforts have had on fueling the upward trend line. As of February 2022, the Global Fraud Index measures 3,766, down 813 points from the previous month but up more than 3.7x compared with January 2020 levels.
Also on the new dashboard page is previous-day phishing and scam threat data sliced by scam type, hosting provider, top-level domain, and geolocation. There’s a lot of great information and data to peruse so check it out today!
Figure 3. Bolster Global Fraud Index - Measuring internet risk
What to Expect Next and How to Keep Your Brand Safe
It’s been said nothing in this world is permanent except death and taxes. Well, seemingly, online fraud should be added to that list too. The data has been eye-popping since we started our research efforts and it continues to skyrocket in 2022.
To keep abreast of the changes and to keep your business and brand safe, consider these 3 steps:
- Monitor our threat data: Start by visiting the Global Fraud Index page. There you can quickly orient yourself around the index and our daily phishing and scam threat data. You'll also be able to download the 2022 State of Phishing and Online Fraud Report from there, as well as access future reports.
- Assess your company's risk: Start measuring risks to your online brand with our free, no obligation, Domain Risk Report and Domain Acquisition Analysis.
  - Domain Risk Report: We'll generate thousands of typosquatting variants based on your domain name and analyze each to see if they are active with A-records (web content) and/or MX-records (email capabilities). This will help you identify potential infringements and fraud campaigns currently underway.
  - Domain Acquisition Analysis: We'll scan 3,000+ top-level domains globally to determine typosquatting variants that are available for purchase and the associated costs to acquire them. This will help you scope your overall attack surface and equip you with the data to reduce it.
- Test drive the Bolster platform: Schedule time with us to test drive the Bolster platform. See for yourself just how powerful the Bolster platform is and how you can put that power to work to protect your brand and business. We're ready when you are.
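
The check the Domain Risk Report item describes, sketched as an added example (it is not Bolster's code): generate single-edit typosquatting variants of a brand domain, then triage each by whether it answers with A records (web content) and/or MX records (email capability). The domain `acmepay.test`, the homoglyph table, the function names and the sample zone are constructed assumptions; `lookup` is a stand-in for a real DNS query function.

```python
# Added illustration; names, zone data and the homoglyph table are constructed assumptions.
HOMOGLYPHS = {"o": ["0"], "l": ["1"], "i": ["1", "l"], "e": ["3"], "m": ["rn"]}

def typo_variants(domain):
    """Single-edit lookalikes of a registrable domain's first label."""
    label, _, tld = domain.lower().partition(".")
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                      # omission
        out.add(label[:i] + ch * 2 + label[i + 1:])             # repetition
        if i + 1 < len(label):                                  # transposition
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for sub in HOMOGLYPHS.get(ch, []):                      # homoglyph swap
            out.add(label[:i] + sub + label[i + 1:])
    out -= {label, ""}
    return sorted(f"{v}.{tld}" for v in out)

def classify(fqdn, lookup):
    """Label a variant by which record types answer for it."""
    has_a, has_mx = bool(lookup(fqdn, "A")), bool(lookup(fqdn, "MX"))
    if has_a and has_mx:
        return "web+email"
    if has_a:
        return "web"
    return "email" if has_mx else "inactive"

def risk_report(domain, lookup):
    """Map each active variant to its status; inactive variants are omitted."""
    statuses = ((v, classify(v, lookup)) for v in typo_variants(domain))
    return {v: s for v, s in statuses if s != "inactive"}

# Constructed answers standing in for live DNS (.test and 192.0.2.0/24 are reserved).
SAMPLE_ZONE = {
    ("acmpay.test", "A"): ["192.0.2.10"],
    ("acrnepay.test", "MX"): ["10 mail.acrnepay.test"],
    ("acmepya.test", "A"): ["192.0.2.11"],
    ("acmepya.test", "MX"): ["10 mx.acmepya.test"],
    ("unrelated.test", "A"): ["192.0.2.12"],   # not a variant, never queried
}

def sample_lookup(name, rtype):
    return SAMPLE_ZONE.get((name, rtype), [])

if __name__ == "__main__":
    for name, status in sorted(risk_report("acmepay.test", sample_lookup).items()):
        print(f"{name:16} {status}")
```

Variants that answer with MX but no A record are worth the same attention as live sites, since they can send and receive mail under a lookalike name without ever hosting a page.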