Analysis Shows 2023 to be “Worst Year for Phishing on Record”

Worst Year Phishing on RecordNewly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight.

Every quarter, the Anti-Phishing Working Group puts out a Phishing Activity Trends Report to highlight the changes in phishing attacks, including the number of campaigns, attacks, targets, and brands impersonated.

The focus of the report covering 4th Quarter 2023 was the significant dip in the number of attacks in Q3 of last year.

With Q1 at 1.6+ million attacks and Q2 at nearly 1.3  million, the drop in Q3 down to just under 1 million put all the focus on Q4 – and whether that number would surge back to its former heights.

And while the cumulative number for last year of just under 5 million affirms 2023 as the worst year for phishing, Q4 only rose slightly – to just under 1.1 million, begging the question of why the numbers still remain low.

APWG Chart

Source: APWG

According to APWG, one of the reasons for the massive drop was the shutdown of Freenom, a free domain name program taken advantage of by attackers. Despite Q4 showing only a marginal increase in the number of phishing attacks, the rise indicates threat actors are ramping back up and working around the loss of a much-used service to fuel their impersonation phishing attacks.

But the Freenom shutdown also shows that if steps are taken to directly counteract how phishing attacks function, significantly less attacks take place to begin with.

The same logic should be applied to users. If users counteract a threat actors intent in a phishing email by not responding (something taught with security awareness training), far less attacks will have any chance of success.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews