The third quarter of 2022, APWG observed 1,270,883 total phishing attacks — is the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.
Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks.
The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.
John Wilson, Senior Fellow, Threat Research at Fortra, noted: “We saw a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.”
In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing.
Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.
Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.
Matthew Harris, Senior Product Manager, Fraud at Opsec, noted: “The Logistics and Shipping sector saw a large fraud volume increase, led specifically by a large increase in phishing against the U.S. Postal Service. And continuing a trend we observed in Q2, we’re tracking a huge increase in mobile phone-based fraud; vishing detection volumes are more than three times what we saw in Q2.”