APWG Report: Phishing Smashes All Previous Records in Q3, 2021; Phishing Attacks Double Since Early 2020

Attacks Remain Costly, Rising and Maintaining Intensity of Focus Against Cryptocurrency Coins and Services Brands

The APWG's new?Phishing Activity Trends Report?reveals that the APWG saw 260,642 phishing attacks in July 2021 - the highest monthly total observed since APWG began its reporting program in 2004.

Overall, the number of phishing attacks has doubled from early 2020.

APWG Senior Research Fellow Greg Aaron noted, "The number of phishing sites being reported to APWG is now ten times what it was ten years ago, back in late 2011. Phishing has not decreased as the online environment has evolved - it remains a dangerous, effective, and profitable activity for cybercriminals."

The number of targets being attacked by phishers - the banks, app providers, universities, and other entities that phishers imitate in order to fool victims - has continued to rise through 2021. In the early part of 2021 the number of targeted brands was just over 400, but topped 700 by the end of Q3 2021.

In the third quarter of 2021, APWG member OpSec Security reported that the software-as-a-service and webmail sector was the most frequently victimized by phishing, with 29.1 percent of all attacks. Attacks against financial institutions and payment providers continued to be numerous, and represented?a combined 34.9 percent of all attacks. Phishing against cryptocurrency targets - such as cryptocurrency exchanges and wallet providers - settled at 5.6 percent of attacks.

Also in this report, contributing APWG member RiskIQ analyzed the use of domain names for phishing and found problems related to free domain names, while member Axur documented how phishing has recently increased in Brazil.

The full text of the report is available here:

https://docs.apwg.org/reports/apwg_trends_report_q3_2021.pdf