The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed.

phishing activity trends 2022

The total for June was 381,717 attacks or phishing sites. The number of phishing attacks reported has quadrupled since early 2020 — when APWG was observing between 68,000 and 94,000 attacks per month.

In the first quarter of 2022, OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 27.6 percent of all phishing.

Attacks against webmail and software-as-a-service (SAAS) providers remained prevalent as well, while attacks against retail/ecommerce sites fell from 17.3 percent to 14.6 percent after the holiday shopping season.

Phishing against social media websites rose, to 15.3 percent of all attacks.

Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — was 6.5 percent of the total, which made them more prevalent than attacks against online games, government sites, and telecom services combined.

Matthew Harris, Senior Product Manager, Fraud at OpSec, noted: “Lastly, we’re seeing a huge increase in mobile phone-based fraud, with smishing and vishing collectively seeing a nearly 70 percent increase in volume as compared to Q1 totals.”

“We are still seeing fraud coming in via the typical OTT apps (WhatsApp, WeChat, Facebook Messenger, etc.), but the SMS-based fraud is really the kicker here,” Harris said.

Crane Hassold, Director of Threat Intelligence at APWG member Abnormal Security, analyzed the ransomware activity over the quarter. “The transportation industry saw the largest growth in ransomware victims,” Hassold said. “The healthcare industry, which has long been a concerning target of ransomware attacks, also experienced a significant increase in attacks in the second quarter, growing 53 percent compared to the first quarter.”

Business e-mail compromise, or BEC, is a scam that affects large and small companies. When scammers try to fool victims into making a wire transfer to the scammer, Agari found that the average amount requested was $109,467, up from $91,436 in Q1 2022, the highest average the company has seen since Agari started tracking the data.

“The industry is quite good at keeping malware out of enterprise user inboxes,” said John Wilson, Senior Fellow, Threat Research at HelpSystems. “However, that’s not the case for phishing emails that steal credentials or elicit a response (like BEC). Ninety-five percent of the threats found in enterprise user inboxes in Q2 were either credential theft or response-based attacks.”