Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight.
Every quarter, the Anti-Phishing Working Group puts out a Phishing Activity Trends Report to highlight the changes in phishing attacks, including the number of campaigns, attacks, targets, and brands impersonated.
The focus of the report covering 4th Quarter 2023 was the significant dip in the number of attacks in Q3 of last year.
With Q1 at 1.6+ million attacks and Q2 at nearly 1.3 million, the drop in Q3 down to just under 1 million put all the focus on Q4 – and whether that number would surge back to its former heights.
And while the cumulative number for last year of just under 5 million affirms 2023 as the worst year for phishing, Q4 only rose slightly – to just under 1.1 million, begging the question of why the numbers still remain low.
Source: APWG
According to APWG, one of the reasons for the massive drop was the shutdown of Freenom, a free domain name program taken advantage of by attackers. Despite Q4 showing only a marginal increase in the number of phishing attacks, the rise indicates threat actors are ramping back up and working around the loss of a much-used service to fuel their impersonation phishing attacks.
But the Freenom shutdown also shows that if steps are taken to directly counteract how phishing attacks function, significantly less attacks take place to begin with.
The same logic should be applied to users. If users counteract a threat actors intent in a phishing email by not responding (something taught with security awareness training), far less attacks will have any chance of success.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
