CAMBRIDGE, Mass., December 14, 2022 (Newswire.com) - The APWG's new Phishing Activity Trends Report reveals that in the third quarter of 2022, APWG observed 1,270,883 total phishing attacks — the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.
Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks.
The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.
John Wilson, Senior Fellow, Threat Research at Fortra, notes that "we saw a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent."
In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SAAS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.
Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.
Matthew Harris, Senior Product Manager, Fraud at Opsec, noted: "The Logistics and Shipping sector saw a large fraud volume increase, led specifically by a large increase in phishing against the U.S. Postal Service. And continuing a trend we observed in Q2, we're tracking a huge increase in mobile phone-based fraud; vishing detection volumes are more than three times what we saw in Q2."
The full text of the report is available here:
About the APWG
Founded in 2003, the Anti-Phishing Working Group (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative (https://messagingconvention.org) and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies (www.ecrimeresearch.org). APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: 418 Intelligence, AI Spera, Abnormal, Acronis, Afilias, AGARI by HelpSystems, AhnLab, AT&T, Allure Security, AREA 1, AIT, appgate, Asurion Insurance Services, Avast, Awayr AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, Bolster, BrandShield, Browlser, ByteDance, Canva, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, CYREN, Cyxtera, CZ.NIC, DS Lab, DigiCert, dmarcian, DNS Belgium, DomianTools, EBRAND, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GERNE Technology, GMS Securidad, GoDaddy Registry, Group-IB, Guidewire. Fortra, Hitachi Systems, .ID, ICANN, Infoblox, Ingressum, INKY Technology Company, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NCA, NAVER, Netcraft, NetSTAR, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs by HelpSystems, Proofpoint, Qintel, Rakuten, Recorded Future, Redsift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec, SIDN, SlashNext, Sopos, SWITCH, Symantec, Tessian. Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber Security, Webroot, workday, ZeroFOX, ZibaSec, Zimperium, ZIX, and zvelo.