HQ/EMEAFind out how we can help your business
The Anti-Phishing Working Group (APWG) issued a new phishing activity trends report last May 9, which covered an in-depth analysis of phishing campaigns that transpired from October to December 2022.
APWG is an international coalition of cybercrime responders that releases phishing activity trends report to impart analytics and data interpretation of phishing attacks and other identity theft activities from cybercriminal actors, submitted by its members and Global Research Partners.
The organisation tracks unique phishing sites, unique phishing email subjects, and the number of brands targeted by phishing campaigns in measuring the sum of phishing attacks they log yearly.
2022 was a record-breaking year for phishing, as highlighted by APWG.
In the report, the organisation logged over 4.7 million phishing attacks for 2022, stressing its massive uptick of more than 150% per year, weighed against the records logged since the beginning of 2019. APWG said that the unique phishing email subjects received by affected companies in October 2022 were the largest month sample the organisation has ever recorded.
For 2022’s fourth quarter, the organisation identified 1,350,037 phishing attacks that targeted companies from industries under financial (27.7%), webmail and software-as-a-service (17.7%), social media (10.4%), logistics and shipping (9.0%), payment processors (6.0%), e-commerce and retail (5.6), telecommunication (3.1%), and cryptocurrency (2.3%). Other sectors not specified in the report collectively had an 18.2% phishing attack rate.
On the other hand, APWG also disclosed that ‘business email compromise’ (BEC attacks) has caused a significant profit loss of billions of dollars to both large and small businesses during the fourth quarter of 2022. BEC attacks involve company employees being misled by malicious actors posing as trusted parties to make financial transactions or give away sensitive data.
Malicious actors utilised free webmail providers to propagate BEC attacks, comprising Google (68%), Microsoft (22%), and Verizon Media (4%). Other webmail providers not specified in the report collectively had a 6% BEC attack utilisation rate.
Email-based threats for 2022’s fourth quarter have also been observed, with researchers underlining that the share of response-based email threats targeting enterprise users has risen while credential theft attacks have declined.
In minimising potential risks from phishing threats, cybersecurity experts advise companies to equip employees with knowledge about cybersecurity awareness. Providing employees with proper access and familiarity to company systems can also be effective, alongside limiting them in accessing critical systems to prevent malware spread in case of infection.
