TLDR: Our previous article on this subject focused on the historical figures provided by the APWG (Anti Phishing Working Group, and highlighted the growth in phishing attacks and particularly the growth in brand spoofing. This article focuses on the continued growth in the trends for Q1 2022, where the APWG observed 1,025,968 total phishing attacks. This was the worst quarter for phishing that APWG has ever observed, and the first time that the quarterly total has exceeded one million. Anti-Phishing professionals continue to struggle to find solutions to this challenge, however, they often ignore technologies like computer vision, which can help to identify attacks that make use of graphical attack vectors to confuse victims by playing on trust as a mechanism to get credentials and other details, and plant malware.
The Anti-Phishing Working Group (APWG) has been issuing quarterly reports pertaining to trends in phishing activity since 2004. The APWG Phishing Activity Trends Report analyzes phishing attacks that have been reported to the organization by its member companies, research partners and through independent submissions on their website or via email. Their goal is to measure and report on the proliferation and evolution of crimeware, and for interested parties and stakeholders to take positive actions to counter these threats.
In this article, we will look closely at the observations and figures presented in the APWG Phishing Trends Report quarter one of 2022 while including historical data from the previous three quarters for reference, with the hope of highlighting the vast changes that have occurred in phishing in what is a relatively short space in time.
Below we see a line chart that clearly visually represents the overall rise in the 3 key tracked metrics. Additionally, the table shows the detail for the monthly figures. Most concerning is that APWG reported 1,025,968 phishing attacks in Q1 2022; the highest quarterly number in their reporting history and the first time they have seen phishing attacks exceed one million! It is also notable that this number is 67% higher than the same period in 2021 (611,877).
Similarly, they saw an almost 45% rise in spoofed brands, rising from 465 in March 2021 to 673 in March 2022. This shows how bad actors continue to rely on brand spoofing as an attack vector because of its relative simplicity and how effective it is at building trust in their targeted victims.
Table of data - Q2, 2021 to Q1, 2022 (Scroll right to see more columns)
|Q2 2021||Q3 2021||Q4 2021||Q1 2022|
|No. Of Unique Phishing Websites Detected||204,050||190,762||222,127||260,642||255,385||214,345||267,530||304,308||316,747||331,698||309,979||384,291|
|No. of Unique Phishing Email Subjects||11,400||9,239||9,669||11,384||10,716||64,233||12,350||13,937||16,461||15,275||14,176||24,187|
|Number of Spoofed Brands||464||500||495||522||603||715||624||682||521||608||621||673|
This alone is extremely concerning, but we must look beyond this top level number at the specific techniques and approaches utilised by bad actors to ensure success.
The rise in phishing websites was initially attributed to the changes in working practices and lifestyles of populations during the pandemic years, however, we are seeing a continued upward trend post-pandemic. The number for March 2022 is the highest in recorded history 21% higher than the previous high in December 2021.
This continued increase points to the fact that this approach obviously pays dividends for bad actors, who are happy to latch on to a relatively simple approach and use technologies that can spin out thousands of spoof websites with ease.
During the pandemic years we saw bad actors try a broad range of phishing subjects, and so this figure jumped to a high of 64,000+ in September 2021. However, a sharp decline since then indicates that they have worked out which subjects deliver the best returns and are focusing on that core list.
While the data from APWG’s Phishing Trends Report shows sporadic jumps in phishing sites and a decrease in phishing subjects, brand spoofing is another story. The historical data shown in our previous phishing report article showing trends from 2018 to 2021 shows that there is a continual upward trend that peaks each year somewhere between July and September. Thereafter we see a fall again. But the falls are always higher than the corresponding month in the previous year. As such, we fully anticipate that September 2022 will show yet another high-point in the number of brands being exploited by spoofing.
As users have become savvier when it comes to spotting a suspicious email or text message, bad actors have become more sophisticated, learning to mislead with brands people trust. This doesn’t just entail using logos that users will be familiar with, but using security icons, brand colours, plus form and button styles to convince users they are legitimate.
With brand spoofing proving to be a common and successful method of phishing, anti-phishing software providers are understandably wondering what they can do to reduce their effectiveness. Detection and flagging of trigger words such as “account” and “payment” are still viable methods of phishing protection, however, in order to tackle sophisticated brand spoofing, more elements need to be analyzed with phishing websites and emails.
But the growth in sophistication doesn’t stop at spoofing brand logos and visuals. Bad actors are using graphics as an attack vector in itself.
This speaks to the value and importance of introducing an element of computer vision into phishing detection systems. With such technology, it will be possible for anti-phishing programs to scan for graphical brand elements such as logos and other significant and recognizable marks, like Trustpilot icons and security shield marks. It can also flag forms, buttons, and hyperlinks that may be seen as a threatening visual signals in communications, as well as the use of graphics and other programmatic techniques to evade detection.
Tackling phishing is something that requires a joint effort from cybersecurity businesses and organizations like APWG as well as other companies regardless of industry, and individuals. As it is something that has been seen to have personal, corporate and societal implications, it is important that we all take responsibility for highlighting and flagging phishing attempts.
One such way of doing this is contributing to APWG’s efforts by submitting any phishing attempts you experience on their website, APWG.org, or by emailing [email protected]
Another way is to make use of the latest technologies to harden detection systems against these latest attack vectors. So if you’re challenged by these issues and would like to find out more about detecting visual threats, visit our Visual Phishing Detection page, or fill out the form below.Book A Demo
Seamlessly integrating our API is quick and easy, and if you have questions, there are real people here to help. So start today; complete the contact form and our team will get straight back to you.