Scams connected to the Russian invasion of Ukraine and an uptick in Emotet botnet volume marked the beginning of 2022.

The Q1 2022 Cofense Phishing Intelligence Trends Review identified ways the cyber threat landscape shifted throughout the first months of 2022, finding an increase in the volume of phishing emails, among other cybersecurity trends.

Phishing trends in Q1 2022

File extensions: According to the report, the most popular file extension used by phishing attackers in Q1 2022 was .pdf, followed by .html and .htm. PDF files and .html extensions each made up over 30% of used file extensions, respectively.

Credential phishing: Google, Adobe and Sharepoint were among the top ten .com domains used for credential phishing, a process of obtaining login information from users.

War in Ukraine: Phishing and cryptocurrency scams have used the Russian invasion of Ukraine to their advantage, setting up donation scams and using the conflict to collect data and cryptocurrency from victims. Threat actors used email subject lines such as "Ukraine Donations" and "Help save children from ukraine" to target potential phishing victims.

Tax season scams: The phishing trends review noted an increased volume of activity from the Emotet botnet, with impersonations of the Internal Revenue Service (IRS) targeting U.S. taxpayers in Q1 2022. The malware group used fake W-9 forms to infect victims' devices.

For more report insights, click here.