APWG Report: 2023 Marks Record Year For Phishing Attacks Worldwide

The Anti-Phishing Working Group (APWG) has recently unveiled its Q4 2023 Phishing Activity Trends Report, revealing a record-breaking number of phishing attacks throughout the year. The total count nearly reached five million, marking 2023 as the year with the highest incidence of phishing attempts documented. Despite a noticeable dip in the second quarter, the latter half of the year saw a resurgence in activity, culminating in 1,077,501 attacks in the fourth quarter alone.

This fluctuation in phishing attempts is partly linked to the closure of the Freenom free domain name program in January 2023. Historically favored by phishers for domain registrations, its discontinuation led to a temporary decline in phishing activities as attackers exhausted their stockpile of free domains. Nevertheless, by the end of the year, a significant uptick was observed, prompting an investigation by the APWG into the new sources of domains for phishing.

A notable shift in target preference was observed, with social media platforms becoming prime targets and accounting for 42.8% of all phishing attacks in Q4 2023. This marks a substantial increase from 18.9% in the preceding quarter. Conversely, attacks against financial institutions saw a decrease, dropping from 24.9% in Q3 to just 14% in Q4.

The report also sheds light on the rise of telephony-based phishing or vishing attacks, particularly those leveraging artificial intelligence (AI) to mimic known voices. This method has seen a significant increase, with OpSec Security reporting a 16% rise in vishing incidents in Q4 over the previous quarter and a staggering 260% increase compared to Q4 2022. Fortra noted an emergence of hybrid vishing attacks, combining email and telephone communications, which constituted 6.1% of all attacks in Q4—a tactic that was virtually nonexistent before 2023.

Among the brands exploited in these hybrid vishing schemes, Geek Squad emerged as the most frequently impersonated brand, involved in 32.2% of Q4 attacks. It was closely followed by Norton/LifeLock at 30.4%, McAfee at 20%, and PayPal at 11.3%. These findings underscore the adaptability and evolving strategies of phishers.

In response to these developments, the APWG has announced plans to introduce metrics specifically for telephone-based phishing in its future Trends reports. This decision reflects the growing concern over the scale and sophistication of vishing attacks and underscores the importance of developing robust countermeasures to protect against this evolving threat.

The APWG's latest findings highlight not only the adaptability of cybercriminals but also the critical need for ongoing vigilance and innovation in cybersecurity measures. As phishing tactics become more sophisticated, particularly with the integration of AI technologies, understanding and anticipating these threats is paramount for safeguarding digital assets and personal information.