Phishing Attacks Reach an All-Time High, Quadrupling That of Early 2020



APWG-Ransomware-VictimsNew quarterly data from the Anti-Phishing Working Group shows unprecedented phishing activity with increases in BEC, use of social media, vishing, and smishing.

It’s never good when phishing attacks are moving, proverbially, “up and to the right.” But that’s exactly what we’re seeing in APWG’s Phishing Activity Trends Report for Q2 of this year. According to the report, phishing of all kinds is on the rise, with some metrics hitting a high:

  • Q2 saw 1,097,811 total phishing attacks – a quadrupling of attacks per quarter when compared with early 2020, where APWG reported an average of 81,000 attacks in a single month.
  • June saw over 381,000 attacks – an all-time high since the reports inception
  • The average BEC transfer amount was just above $109K – a nearly 20% increase from Q1
  • Social Media-based threats increase 47% over Q1
  • Mobile phone-based fraud, with smishing and vishing collectively seeing a nearly 70 percent increase over Q1

It’s bad. Really bad.

Organizations serious about stopping this threat need a layered security strategy that includes DNS protection, Web protection, Email protection, Endpoint protection, and Security Awareness Training to ensure that either nothing malicious comes in, and – if it does – users are trained to recognize it, not engage, and empowered to immediately report it. 


Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/free-phish-alert

Topics: Phishing



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews