APWG Phishing Trends Report: Year on Year Review (2018 to end 2021)

Reading Time: 6 minutes

A close examination of the APWG Phishing Trends Report 2018 to 2021

TLDR: The APWG Phishing Trends Report has, in recent years, shown a significant increase in reported phishing and emails. While this began to trend down slightly in the third quarter of 2021, it must be noted that there has been a growing trend of brand spoofing. Where we saw only 235 reported cases in January 2018, we now see  a figure of 715 cases in September. It seems as though we can expect this number to keep rising well into 2022. Anti-Phishing professionals are now asking what can be done to curb this and other trends relating to the use of visuals in phishing attacks; and the answer is computer vision.

---

The Anti-Phishing Working Group (APWG) has been issuing quarterly reports pertaining to trends in phishing activity since 2004. The APWG Phishing Activity Trends Report analyzes phishing attacks that have been reported to the organization by its member companies, research partners and through independent submissions on their website or via email. Their goal is to measure and report on the proliferation and evolution of crimeware, and for interested parties and stakeholders to take positive actions to counter these threats.

In this article, we will look closely at the observations and figures presented in the APWG Phishing Trends Report from 2018 to quarter four of 2021 with the hope of highlighting the vast changes that have occurred in phishing in what is a relatively short space in time.

Phishing Trends Chart – January 2018 to December 2021

Below we see a line chart that clearly visually represents the overall rise in the 3 key tracked metrics. Additionally, the table shows the detail for the monthly figures. Most concerning is that APWG reported 316,747 phishing attacks in December 2021; the highest monthly number in their reporting history and six times the number of phishing attacks compared to early 2020.

Another worrying trend is the growth in targeting mobile endpoints, with Lookout highlighting that mobile phishing threats in the energy sector (a key target for bad actors, along with other infrastructure, utility and healthcare organizations) surged 161% in 2021.

Table of data - Q1, 2018 to Q4, 2021 (Scroll right to see more columns)

This alone is extremely concerning, but we must look beyond this top level number at the specific techniques and approaches utilised by bad actors to ensure success.

An alarming increase in phishing websites detected 

While the number of phishing websites detected between 2018 and 2019 is pretty steady at between the 35,000 to 100,000 mark, the past two years tell a different story. 

It should come as no surprise that in 2020, bad actors took advantage of the world effectively coming to a stop due to the commencement of the ongoing global pandemic. People all around the world had little choice but to stay at home and a natural increase in screen time on various devices was seen. Concurrently, US eCommerce alone grew by more than 30%. With more people shopping online, it was almost inevitable that cybercriminals would increase spoof websites to capitalize on the situation, especially as many people who rarely shopped online were now doing so regularly.  A number of Covid-19 related spoof sites also appeared online in a bid to take advantage of unease and a heightened thirst for information. As a result, the number of detected phishing sites steadily increased from April 2020 onwards with a 92% increase in 2020 being reported as compared to 2019. 

A further increase of almost 30% in 2021 points to a continuing upward trend of spoof websites attempting to con users out of sensitive information. It can only be expected that this will continue, albeit perhaps not with such a considerable jump as in 2020. 

A dip in email phishing subjects 

It would be easily assumed that an increase in email phishing subjects would be on the rise as well, however, according to the APWG Phishing Trends Report, this isn’t the case. In 2018, more than 1 million email phishing subjects were detected. This decreased by 57% in 2019 with an inevitable increase in 2020, most notably in the latter half of the year when global lockdowns were largely in full swing. 2021 numbers decrease in quarters two and three, returning to the original baseline. 

It could be argued that while the number of emails is reducing once again, one of the reasons for this is because Phishing attacks are becoming more sophisticated and focused. Consequently, enjoying success with less effort may negate the need for 100s of different email subjects in their phishing campaigns.

CoFense’s review of phishing activity in 2020 backs up this theory with bad actors focusing on imitating brands that typical users will trust, including Google Drive, Amazon, SharePoint, and WeTransfer. Symantec also surmised in 2019 that highly targeted campaigns, rather than a spray and pray approach, by cybercriminals led to this trending reduction in detection of email phishing subjects. 

Brand spoofing is trending up 

While the data from APWG’s Phishing Trends Report shows sporadic jumps in phishing sites and a decrease in phishing subjects, brand spoofing is another story. 

Since 2018 we have seen a continual upward trend in the use of brand spoofing. Where we saw only 235 reported cases in January 2018, we now see  a figure of 715 cases in September. dipping to 521 by the end of year. It seems as though we can expect this number to keep rising well into 2022. 

As users have become savvier when it comes to spotting a suspicious email or text message, bad actors have become more sophisticated, learning to mislead with brands people trust. This doesn’t just entail using logos that users will be familiar with, but using security icons, brand colours, plus form and button styles to convince users they are legitimate. 

Detecting brand spoofing 

With brand spoofing proving to be a common and successful method of phishing, anti-phishing software providers are understandably wondering what they can do to reduce their effectiveness. Detection and flagging of trigger words such as “account” and “payment” are still viable methods of phishing protection, however, in order to tackle sophisticated brand spoofing, more elements need to be analyzed with phishing websites and emails. 

But the growth in sophistication doesn’t stop at spoofing brand logos and visuals. Bad actors are using graphics as an attack vector in itself.

This speaks to the value and importance of introducing an element of computer vision into phishing detection systems. With such technology, it will be possible for anti-phishing programs to scan for graphical brand elements such as logos and other significant and recognizable marks, like Trustpilot icons and security shield marks. It can also flag forms, buttons, and hyperlinks that may be seen as a threatening visual signals in communications, as well as the use of graphics and other programmatic techniques to evade detection. 

A joint effort 

Tackling phishing is something that requires a joint effort from cybersecurity businesses and  organizations like APWG as well as other companies regardless of industry, and individuals. As it is something that has been seen to have personal, corporate and societal implications, it is important that we all take responsibility for highlighting and flagging phishing attempts. 

One such way of doing this is contributing to APWG’s efforts by submitting any phishing attempts you experience on their website, APWG.org, or by emailing [email protected]. 

You can view all of APWG’s Phishing Trends Reports here. 

Another way is to make use of the latest technologies to harden detection systems against these latest attack vectors. So if you’re challenged by these issues and would like to find out more about detecting visual threats, visit our Visual Phishing Detection page, or fill out the form below.

Book A Demo