APWG Q4 Report Finds 2023 Was Record Year for Phishing

APWG Members Witnessing Troubling New Surges in Phone-Based Cybercrime

Phishing Attacks 2021-2023

The APWG’s Q4 2023 Phishing Activity Trends Report reveals that the APWG observed almost five million phishing attacks in 2023, making it the worst year for phishing on record. Even after a decrease in the second quarter, phishing rose late in the year, and the APWG observed 1,077,501 phishing attacks in the fourth quarter of 2023.

“Phishing attacks fell in the second quarter of 2023 in part due to the shut-down of the Freenom free domain name program,” said Greg Aaron, APWG Senior Research Fellow. 

“This service was used extensively by phishers for many years. Freenom stopped offering domain registrations in January 2023, and phishing on Freenom domains died out as phishers used up their free domain inventories in early and mid-2023. Late in 2023 we saw phishing attacks rise again, and we’ll continue to monitor where the phishers are getting resources to carry out their attacks,” Mr. Aaron said.

In Q4 of 2023, APWG founding member OpSec Security found that phishing attacks against social media platforms comprised 42.8 percent of all phishing attacks, exploding from 18.9 percent of all attacks in Q3. Phishing against the Financial Institution segment fell from 24.9 percent of all attacks in Q3 to 14 percent in Q4.

Phishing Activity Trends Report data contributors OpSec Security and Fortra both saw notable increases in telephony-based phishing attacks in Q4.  

Voice phishing or vishing, has been increasing since late last year. APWG sees the trend as an overture to an epoch of AI-powered vishing, leveraging precisely imitated voices of friends, family members (sampled from TikTok videos and other social media) and familiar authorities distilled by cybergangs through cheap, facile deep-fake voice technologies.

APWG’s assessment is that broad availability of high-fidelity voice samples on social media as well as intimate personal information, combined with burgeoning dark-web markets for personal financial data and the new AI-based voice deep fake technologies, now provide a formidable toolset for the creation of uniquely potent spoofing scams.

“OpSec saw that vishing incidents increased more than 16 percent over Q3 and represented a nearly 260 percent increase over the Q4 2022 volume,” said Matt Harris, Senior Product Manager, Fraud at OpSec.  

Meanwhile, Fortra tracked a disturbing increase in hybrid vishing, phishing in which the attacker uses both email and telephone to communicate with the victim. Fortra rarely saw hybrid vishing before 2023, but these made up fully 6.1 percent of the attacks Fortra recorded in the Q4 of 2023.

“The hybrid vishing attacks we track typically begin with an email, which tells the recipient that he or she has been charged for a product or service,” said John Wilson, Senior Fellow, Threat Research at Fortra. 

“The messages instruct the recipient to call a phone number if they wish to cancel their order and obtain a refund. Geek Squad was the most common brand used as a lure in these attacks, accounting for 32.2 percent of the Q4 2023 attacks. This was followed by Norton/LifeLock with 30.4 percent, McAfee at 20 percent, and PayPal with 11.3 percent,” Mr. Wilson said.

Mr. Wilson concluded, “I believe the rise in hybrid vishing is due to the increased scale that is possible with email vs. placing outbound calls. The scammers can reach more potential victims through email, and the less susceptible victims have already self-filtered themselves by not placing the initial call. 

For upcoming Trends reports, therefore, APWG will establish metrics for telephone-based phishing. As ever, APWG and its contributing members strive to maintain reporting that most ensures categorizational continuity over time. 

The full text of the Q4 2023 Trends report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2023.pdf

About the APWG 

Founded in 2003, the Anti-Phishing Working Group (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and stopthinkconnect.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and manager of the global STOP. THINK. CONNECT. campaign, the online safety public awareness collaborative (https://messagingconvention.org) and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies (https://ecrimeresearch.org/ecrime-symposium/). APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: AI Spera, Abnormal, Acronis, Adobe, AhnLab, AT&T, Arteria Communications, Allure Security, AREA 1, AIT, appgate, Apple, Asurion Insurance Services, Avast, Away AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, BanCERT, Bolster, Booz Allen Hamilton, BrandShield, Browlser, ByteDance, CHT Security, Canva, CaixaBank, Check Point, Cipherbit (Grupo Oesia), Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CrowdStrike, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, Cyble, CYREN, Cyxtera, CZ.NIC, DS Lab, DigiCert, dmarcian, DNS Filter, DNS Belgium, EBRAND, Entrust Datacard, ESET, FirstRand, Fortinet, Fortra, FraudWatch, GetResponse, GERNE Technology, GMS Securidad, Group-IB, Guidewire, Hitachi Systems, .ID, ICANN, Identity Digital, Infoblox, Ingressum, INKY Technology Company, IQ Global, Kaspersky, KnowBe4, Lenos Software, LinkedIn, LINE, Looking Glass, LSEC, Mailshell, Material Security, McAfee, Meta, Mimecast, NCA, NAVER, Netcraft, NetSTAR, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, Proofpoint, Public Interest Registry (PIR), Qintel, Rakuten, Recorded Future, Redsift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec, Seven & i Holdings, Co. Ltd, SHRESHTA, SIDN, SlashNext, Sophos, Spamhaus Technology, SWITCH, Symantec, Telefonica, TEMU, Tessian, Thomsen Trampedach, ThreatSTOP, TNO, Tracer, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber Security, WMC Global, Webroot, workday, ZeroFOX, ZibaSec, Zimperium, YARXIX, ZIX, .XYZ, and zvelo.

Source: APWG

Related Media


Founded in 2003, the Anti-Phishing Working Group (APWG) is an international coalition of counter-cybercrime responders, forensic investigators, law enforcement agencies, technology companies, financial services firms, university researchers, NGOs and multilateral treaty organizations operating as a non-profit organization. Its directors, managers and research fellows advise national and sub-national governments as well as the United Nations (Office on Drugs and Crime) as recognized experts (as defined by the Doha Declaration of 2010 and Salvador Declaration of 2015) as well as multilateral bodies and organizations.

406 Waltham Street , #246
Lexington, MA


More Press Releases