Phishing Attacks Reach an All-Time High, Quadrupling That of Early 2020

New quarterly data from the Anti-Phishing Working Group shows unprecedented phishing activity with increases in BEC, use of social media, vishing, and smishing.

It’s never good when phishing attacks are moving, proverbially, “up and to the right.” But that’s exactly what we’re seeing in APWG’s Phishing Activity Trends Report for Q2 of this year. According to the report, phishing of all kinds is on the rise, with some metrics hitting a high:

  • Q2 saw 1,097,811 total phishing attacks – a quadrupling of attacks per quarter when compared with early 2020, where APWG reported an average of 81,000 attacks in a single month.
  • June saw over 381,000 attacks – an all-time high since the report’s inception
  • The average BEC transfer amount was just above $109K – a nearly 20% increase from Q1
  • Social Media-based threats increase 47% over Q1
  • Mobile phone-based fraud, with smishing and vishing collectively seeing a nearly 70 percent increase over Q1

It’s bad. Really bad.

Organizations serious about stopping this threat need a layered security strategy that includes DNS protection, Web protection, Email protection, Endpoint protection, and Security Awareness Training to ensure that either nothing malicious comes in, and – if it does – users are trained to recognize it, not engage, and empowered to immediately report it.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4’s Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user’s inbox to prevent future exposure. All with just one click!

Here’s how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user’s inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome) and manifest install for Microsoft 365

Click here for a free Phish Alert Button.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.