The latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) shows an unrelenting upward trend in the number of phishing attacks per quarter.
Despite the alarm that the growth in the number of phishing attacks should generate, this report sheds some light on what seems to be working for cybercriminals if you dig a little deeper. According to the report:
- The number of unique email subjects increased by 99.2%, totaling over 250,000 in Q4
- The number of brands impersonated decreased slightly by 4% to 1780
- The number of unique phishing websites increased slightly by 6% to just over 1.3 million
In essence, it appears that more unique campaigns is the answer – after all, there are only so many brands that have a broad appeal. It is interesting to see that the number of phishing websites is not increasing with the unique email subjects, although the “unique” email subjects may simply be variations on a theme aimed at using the same phishing website to capture credentials, banking details, etc.
The scarier part of this report is that 150% continual growth.
This growth is a mix of new threat actors getting into the game, improvements in the “as a service” of just about every facet of cyber attacks, and the fact that successful attacks are also increasing in numbers.
Organizations need to prevent these attacks before they truly start. And with the seemingly never ending growth in phishing attacks, telling you to implement Security Awareness Training is sound advice.