Phishing Trends to Watch in 2022: Be Alert!

A phishing attack will affect 75% of businesses worldwide by 2020. Because phishing is the primary delivery method for all types of cyberattacks, it remains one of the greatest threats to your business’s health and well-being.

One phishing email can cause a company to succumb to ransomware and face costly downtime. Thus, a user’s credentials to a company email account can be handed over unknowingly, which the hacker can then use to send targeted attacks to their customers.

When a person is tricked into divulging personal information or infecting a network with malware, phishing scams exploit human error.

In 2021, the number of mobile phishing attacks increased by 161%.

The following are the best defenses against the never-ending barrage of phishing attempts:

  • Email filtering 
  •  DNS filtering
  •  Next-gen antivirus/anti-malware
  • Ongoing employee cybersecurity awareness training

To properly train your employees and keep your IT security updated, you must know the latest phishing threats.

The following are some of the most recent phishing trends to keep an eye on in 2022.

The use of text messages to send phishing messages has grown in recent years.

People are less wary of unsolicited text messages than of errant emails. Because email phishing has been the most common, most phishing training focuses on email phishing techniques.

In contrast, cybercrime organizations are now taking advantage of the easy availability of mobile phone numbers by taking advantage of text messaging to launch phishing attacks. Phishing in the form of “smishing” is becoming increasingly common.

Due to retailers and service providers pushing their text updates for sales and delivery notices, people now receive significantly more text messages than before.

SMS-based phishing schemes can now pretend to be shipping notifications to trick a user into visiting a shortened URL.


Ransomware has become a growing threat as criminal groups launch high-value cyberattacks. A new, potentially lucrative attack method is gaining traction and, as a result, popularity.

It’s becoming increasingly common for cybercriminals to use business email compromise (BEC) to profit from scams such as gift card fraud and fake wire transfer requests.

Having access to an organization’s business email account allows criminals to target employees, customers, and vendors of that organization with convincing phishing messages. Cybercriminals can take advantage of this trust by sending emails from a well-known email address.


When it comes to hacking, there is no such thing as “too small.” Due to their lack of IT security, small businesses are frequently the target of cyberattacks.

Small and midsized businesses account for 43% of all data breaches, and 40% of those companies that are victims of an attack are forced to close their doors for at least eight hours.

For this reason, spear phishing is much more dangerous than other forms of phishing. It’s the type of BEC attack that employs this type of weapon.

Spear-phishing used to be reserved for large corporations due to the time and resources required to set up a highly personalized attack. It’s becoming easier for large criminal organizations and state-sponsored hackers to target anyone as their attacks become more efficient.

Consequently, small businesses are being targeted by phishing attacks that are more difficult for their customers to recognize as a scam.


As we just discussed, large criminal organizations are constantly improving their attacks to make them more effective. They approach cyberattacks as a business and continuously look for ways to make them more profitable.

First, they’re using what they call “Initial Access Brokers,” who are experts in the field. Only the initial breach into a network or a company account is of interest to this particular type of hacker.

As a result, phishing attacks are becoming more dangerous and difficult to detect.


Phishing attackers have increasingly used business impersonation as users have become more aware of the importance of avoiding emails from unknown senders. This is where a phishing email comes in, masquerading as a legitimate email from a company the user may be familiar with or even do business with.

Amazon is a popular target for business impersonation, but it also occurs with smaller businesses. For example, there have been cases where client lists of website hosting companies have been compromised. Those companies have sent emails impersonating the hosting company and asking users to log in to an account to fix an urgent problem.

Because more business impersonation is used in phishing attacks, users must be wary of all emails, not just those from unknown senders.


A multi-layered strategy is required to protect your company from one of the most severe threats. Use a cybersecurity audit to examine your current situation and identify areas for improvement.