According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger attack such as ransomware. The Index also found that phishing was used in 41% of the attacks that X-Force remediated in 2021. That’s a 33% increase from 2021.

One of the biggest reasons threat actors are increasing phishing attacks is that all it takes is one employee to make a split-second mistake to cause major business and reputation loss. Cybersecurity workers must continually stay on top of new phishing trends. That way, they can use the right technology to help prevent the right types of attacks. Most importantly, they need to focus on training employees on how to spot and prevent attacks.

Here are five phishing trends that your organization is likely to see in 2022:

Voice phishing

You likely think of spam calls as just annoying. But that’s why vishing, or voice phishing, is on the rise. Cybersecurity training stresses not to click on links. However, many users do not realize that spam phone calls may actually be the start of a cybersecurity attack. In a vishing call, the person on the other end of a VoIP phone typically impersonates a legitimate organization, such as the IRS or a bank. From there, they ask the person who answered to visit a website. The attacker then uses the information entered into the website to launch a cyberattack. Common vishing scams include imposters (meaning the caller pretends to be someone else), debt relief scams and charity scams.

Vishing became such an issue in 2021 that the FBI even issued an alert. Proofpoint’s State of the Phish report found that 69% of the organizations were the recipient of a vishing attack. That’s an increase of 54% from 2020. Most concerning is that the X-Force index found that vishing attacks were three times more effective than a classic phishing scheme. Because the attack starts with the phone, using cybersecurity applications to stop the attack is challenging.

Train your employees about the rise of vishing and how to spot a vishing attack. Many vishing attacks are successful because employees don’t recognize this tactic as a potential cybersecurity attack. Stress to employees that they should never visit a website given to them over the phone. Keep employees updated on current vishing scams to help them more accurately spot threats.

Spear phishing

If you receive an email from a bank that you’ve never used before, then it’s very likely that you will recognize it’s a phishing email and hit delete. But if you get an email from your own bank, you are much more likely to fall for the scam. The difference is the first type of attack was a general phishing attack. The second is referred to as spear phishing, which is an attack targeted at specific people.

A 2021 FireEye report found that spear phishing recipients were 10 times more likely to click on the link than general phishing email recipients. Not surprisingly, spear phishing is on the rise. Proofpoint found that 79% of organizations were targets of spear phishing attacks. That’s an increase of 66% from 2020, which is a very concerning increase.

The IBM Threat Index found that the brands most imitated by threat actors were large and trusted companies. Attackers might pretend to be from Microsoft, Apple or Google. In addition, these types of attacks work as spear phishing since most consumers do business in some shape or form with these companies. Train employees to carefully look at logos and check email addresses. Often phishing attacks use an email that looks official at first glance. After close investigation, you’ll be able to see it is phony, such as [email protected]. You can also reduce the likelihood of a spear phishing attack gaining control of an employee’s access by installing multi-factor authentication on all employee accounts.


Smishing is when threat actors target someone over SMS texting. One of the reasons that this type of attack is even more effective is many people do not have cybersecurity software on their phones. The same attack might get blocked on their laptop. Many people are not as aware of smishing. Therefore, they may be more vulnerable to falling prey over text than email. Proofpoint found that 74% of organizations faced smishing attacks in 2021, which is an increase of 13% from 2020.

Many people began using food delivery and meal kits during the pandemic. So, cyber criminals began creating smishing schemes mentioning these services. Other common schemes include upcoming package deliveries and giveaways.

Start by updating your cybersecurity training to include smishing. Surprisingly, Proofpoint found that only 26% of organizations included Smishing in cybersecurity training. You should also let employees know what type of legitimate SMS messages they may receive from your organization. That way, they know what to expect from their commonly used work systems. As new smishing schemes emerge, keep employees updated on new types of text messages to watch out for.

Social media phishing attacks

Attackers are increasingly turning to social media for their phishing attacks. Proofpoint found that 74% of organizations were targeted by social media phishing attacks. That’s an increase of 13% from 2020. Many people are suspicious of blatant phishing attacks on social media, such as a stranger messaging you through a private message on social media with a link to click. But other schemes are harder to spot. Attackers often take over accounts and then target their friends with phishing attacks. Other schemes include social media quizzes that get users to enter information that can then be used for social engineering accounts. Threat actors also create clone accounts of real companies to get people to click on malicious links thinking they are trustworthy.

How to protect your organization

With employees using personal devices for work with increased remote and hybrid work, social media phishing attacks are likely to continue to pose a big risk. You should include a section in your cybersecurity training on social media phishing and keep employees updated on new types of schemes. Require that any personal devices that employees use for work have the latest patches and company-approved cybersecurity technology installed.

Phishing is expected to remain a top threat as attackers get more creative in their social engineering and targeting techniques. By staying on top of the latest phishing schemes, you keep your employees up to date, too. If employees know that the latest trend is to impersonate a specific company or type of email, then they are going to be more aware and suspicious when that message lands in their social media account, email, text or even at the other end of a phone call.

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today