Anti-Phishing Cybersecurity

APWG Phishing Trends Report: Year on Year Review (2018 to end 2021)

APWG Phishing Trends Report: Year on Year Review (2018 to end 2021)

Reading Time: 6 minutes

TLDR: The APWG Phishing Trends Report has, in recent years, shown a significant increase in reported phishing and emails. While this began to trend down slightly in the third quarter of 2021, it must be noted that there has been a growing trend of brand spoofing. Where we saw only 235 reported cases in January 2018, we now see  a figure of 715 cases in September. It seems as though we can expect this number to keep rising well into 2022. Anti-Phishing professionals are now asking what can be done to curb this and other trends relating to the use of visuals in phishing attacks; and the answer is computer vision.

The Anti-Phishing Working Group (APWG) has been issuing quarterly reports pertaining to trends in phishing activity since 2004. The APWG Phishing Activity Trends Report analyzes phishing attacks that have been reported to the organization by its member companies, research partners and through independent submissions on their website or via email. Their goal is to measure and report on the proliferation and evolution of crimeware, and for interested parties and stakeholders to take positive actions to counter these threats.

In this article, we will look closely at the observations and figures presented in the APWG Phishing Trends Report from 2018 to quarter four of 2021 with the hope of highlighting the vast changes that have occurred in phishing in what is a relatively short space in time.

Below we see a line chart that clearly visually represents the overall rise in the 3 key tracked metrics. Additionally, the table shows the detail for the monthly figures. Most concerning is that APWG reported 316,747 phishing attacks in December 2021; the highest monthly number in their reporting history and six times the number of phishing attacks compared to early 2020.

Another worrying trend is the growth in targeting mobile endpoints, with Lookout highlighting that mobile phishing threats in the energy sector (a key target for bad actors, along with other infrastructure, utility and healthcare organizations) surged 161% in 2021.

Chart by Visualizer
Table of data - Q1, 2018 to Q4, 2021 (Scroll right to see more columns)
Q1 2018 Q2 2018 Q3 2018 Q4 2018
January February March April May June July August September October November December
No. Of Unique Phishing Websites Detected 60,887 88,754 113,897 100,382 81,257 51,401 52,613 44,855 53,546 56,815 35,719 45,794
No. of Unique Phishing Email Subjects 89,250 89,010 84,444 91,054 82,547 90,882 93,078 89,323 88,156 87,619 64,905 87,386
Number of Spoofed Brands 235 273 238 274 285 227 231 260 286 293 233 310
Q1 2019 Q2 2019 Q3 2019 Q4 2019
January February March April May June July August September October November December
No. Of Unique Phishing Websites Detected 48,663 50,983 81,122 59,756 61,820 60,889 93,194 86,908 86,276 76,804 39,580 45,771
No. of Unique Phishing Email Subjects 34,630 35,364 42,399 37,054 40,177 34,932 35,530 40,457 42,273 45,057 42,424 45,072
Number of Spoofed Brands 327 288 330 341 308 289 444 414 425 333 325 341
Q1 2020 Q2 2020 Q3 2020 Q4 2020
January February March April May June July August September October November December
No. Of Unique Phishing Websites Detected 54,926 49,560 60,286 48,951 52,007 46,036 171,040 201,591 199,133 225,304 212,878 199,120
No. of Unique Phishing Email Subjects 52,407 43,270 44,008 43,282 39,908 44,497 119,181 119,180 128,926 143,950 119,700 133,038
Number of Spoofed Brands 374 331 344 364 352 363 478 575 505 532 505 515
Q1 2021 Q2 2021 Q3 2021 Q4 2021
January February March April May June July August September October November December
No. Of Unique Phishing Websites Detected 245,771 158,898 207,208 204,050 190,762 222,127 260,642 255,385 214,345 267,530 304,308 316,747
No. of Unique Phishing Email Subjects 172,793 112,369 39,918 11,400 9,239 9,669 11,384 10,716 64,233 12,350 13,937 16,461
Number of Spoofed Brands 430 407 465 464 500 495 522 603 715 624 682 521

This alone is extremely concerning, but we must look beyond this top level number at the specific techniques and approaches utilised by bad actors to ensure success.

An alarming increase in phishing websites detected 

While the number of phishing websites detected between 2018 and 2019 is pretty steady at between the 35,000 to 100,000 mark, the past two years tell a different story. 

It should come as no surprise that in 2020, bad actors took advantage of the world effectively coming to a stop due to the commencement of the ongoing global pandemic. People all around the world had little choice but to stay at home and a natural increase in screen time on various devices was seen. Concurrently, US eCommerce alone grew by more than 30%. With more people shopping online, it was almost inevitable that cybercriminals would increase spoof websites to capitalize on the situation, especially as many people who rarely shopped online were now doing so regularly.  A number of Covid-19 related spoof sites also appeared online in a bid to take advantage of unease and a heightened thirst for information. As a result, the number of detected phishing sites steadily increased from April 2020 onwards with a 92% increase in 2020 being reported as compared to 2019. 

A further increase of almost 30% in 2021 points to a continuing upward trend of spoof websites attempting to con users out of sensitive information. It can only be expected that this will continue, albeit perhaps not with such a considerable jump as in 2020. 

Suspected Phishing Email
Suspected Phishing Email

A dip in email phishing subjects 

It would be easily assumed that an increase in email phishing subjects would be on the rise as well, however, according to the APWG Phishing Trends Report, this isn’t the case. In 2018, more than 1 million email phishing subjects were detected. This decreased by 57% in 2019 with an inevitable increase in 2020, most notably in the latter half of the year when global lockdowns were largely in full swing. 2021 numbers decrease in quarters two and three, returning to the original baseline. 

It could be argued that while the number of emails is reducing once again, one of the reasons for this is because Phishing attacks are becoming more sophisticated and focused. Consequently, enjoying success with less effort may negate the need for 100s of different email subjects in their phishing campaigns.

CoFense’s review of phishing activity in 2020 backs up this theory with bad actors focusing on imitating brands that typical users will trust, including Google Drive, Amazon, SharePoint, and WeTransfer. Symantec also surmised in 2019 that highly targeted campaigns, rather than a spray and pray approach, by cybercriminals led to this trending reduction in detection of email phishing subjects. 

Brand Spoofing Example

While the data from APWG’s Phishing Trends Report shows sporadic jumps in phishing sites and a decrease in phishing subjects, brand spoofing is another story. 

Since 2018 we have seen a continual upward trend in the use of brand spoofing. Where we saw only 235 reported cases in January 2018, we now see  a figure of 715 cases in September. dipping to 521 by the end of year. It seems as though we can expect this number to keep rising well into 2022. 

As users have become savvier when it comes to spotting a suspicious email or text message, bad actors have become more sophisticated, learning to mislead with brands people trust. This doesn’t just entail using logos that users will be familiar with, but using security icons, brand colours, plus form and button styles to convince users they are legitimate. 

Detecting brand spoofing 

With brand spoofing proving to be a common and successful method of phishing, anti-phishing software providers are understandably wondering what they can do to reduce their effectiveness. Detection and flagging of trigger words such as “account” and “payment” are still viable methods of phishing protection, however, in order to tackle sophisticated brand spoofing, more elements need to be analyzed with phishing websites and emails. 

But the growth in sophistication doesn’t stop at spoofing brand logos and visuals. Bad actors are using graphics as an attack vector in itself.

This speaks to the value and importance of introducing an element of computer vision into phishing detection systems. With such technology, it will be possible for anti-phishing programs to scan for graphical brand elements such as logos and other significant and recognizable marks, like Trustpilot icons and security shield marks. It can also flag forms, buttons, and hyperlinks that may be seen as a threatening visual signals in communications, as well as the use of graphics and other programmatic techniques to evade detection. 

A joint effort 

Tackling phishing is something that requires a joint effort from cybersecurity businesses and  organizations like APWG as well as other companies regardless of industry, and individuals. As it is something that has been seen to have personal, corporate and societal implications, it is important that we all take responsibility for highlighting and flagging phishing attempts. 

One such way of doing this is contributing to APWG’s efforts by submitting any phishing attempts you experience on their website,, or by emailing [email protected] 

You can view all of APWG’s Phishing Trends Reports here

Another way is to make use of the latest technologies to harden detection systems against these latest attack vectors. So if you’re challenged by these issues and would like to find out more about detecting visual threats, visit our Visual Phishing Detection page, or fill out the form below.

Book A Demo


Are Website CMS, Email Marketing, and Survey Platforms Accountable For Their Part In The Phishing Epidemic?

Reading Time: 7 minutes TLDR: Phishing attacks have reached the highest levels ever seen. Bad Actors are abusing convenient and well-known platforms to craft emails, web […]

Anti-Phishing Cybersecurity
APWG Phishing Trends Report: Year on Year Review (2022)

Reading Time: 5 minutes A close examination of the APWG Phishing Trends Report (Q1 2022) TLDR: Our previous article on this subject focused on the historical […]

Anti-Phishing Cybersecurity
How Visual Search is Used in Anti-Phishing

Reading Time: 2 minutes Visual Search in Phishing Protection – an effective combination Visual search is a powerful piece of computer vision technology that can enhance […]


Trusted by the world's leading platforms, marketplaces and agencies

Integrate Visual-AI Into Your Platform

Seamlessly integrating our API is quick and easy, and if you have questions, there are real people here to help. So start today; complete the contact form and our team will get straight back to you.

  • This field is for validation purposes and should be left unchanged.