APWG Q4 Report Finds 2023 Was Record Year for Phishing

APWG Members Witnessing Troubling New Surges in Phone-Based Cybercrime

The APWG’s Q4 2023 Phishing Activity Trends Report reveals that the APWG observed almost five million phishing attacks in 2023, making it the worst year for phishing on record. Even after a decrease in the second quarter, phishing rose late in the year, and the APWG observed 1,077,501 phishing attacks in the fourth quarter of 2023.

“Phishing attacks fell in the second quarter of 2023 in part due to the shut-down of the Freenom free domain name program,” said Greg Aaron, APWG Senior Research Fellow. 

“This service was used extensively by phishers for many years. Freenom stopped offering domain registrations in January 2023, and phishing on Freenom domains died out as phishers used up their free domain inventories in early and mid-2023. Late in 2023 we saw phishing attacks rise again, and we’ll continue to monitor where the phishers are getting resources to carry out their attacks,” Mr. Aaron said.

In Q4 of 2023, APWG founding member OpSec Security found that phishing attacks against social media platforms comprised 42.8 percent of all phishing attacks, exploding from 18.9 percent of all attacks in Q3. Phishing against the Financial Institution segment fell from 24.9 percent of all attacks in Q3 to 14 percent in Q4.

Phishing Activity Trends Report data contributors OpSec Security and Fortra both saw notable increases in telephony-based phishing attacks in Q4.  

Voice phishing or vishing, has been increasing since late last year. APWG sees the trend as an overture to an epoch of AI-powered vishing, leveraging precisely imitated voices of friends, family members (sampled from TikTok videos and other social media) and familiar authorities distilled by cybergangs through cheap, facile deep-fake voice technologies.

APWG’s assessment is that broad availability of high-fidelity voice samples on social media as well as intimate personal information, combined with burgeoning dark-web markets for personal financial data and the new AI-based voice deep fake technologies, now provide a formidable toolset for the creation of uniquely potent spoofing scams.

“OpSec saw that vishing incidents increased more than 16 percent over Q3 and represented a nearly 260 percent increase over the Q4 2022 volume,” said Matt Harris, Senior Product Manager, Fraud at OpSec.  

Meanwhile, Fortra tracked a disturbing increase in hybrid vishing, phishing in which the attacker uses both email and telephone to communicate with the victim. Fortra rarely saw hybrid vishing before 2023, but these made up fully 6.1 percent of the attacks Fortra recorded in the Q4 of 2023.

“The hybrid vishing attacks we track typically begin with an email, which tells the recipient that he or she has been charged for a product or service,” said John Wilson, Senior Fellow, Threat Research at Fortra. 

“The messages instruct the recipient to call a phone number if they wish to cancel their order and obtain a refund. Geek Squad was the most common brand used as a lure in these attacks, accounting for 32.2 percent of the Q4 2023 attacks. This was followed by Norton/LifeLock with 30.4 percent, McAfee at 20 percent, and PayPal with 11.3 percent,” Mr. Wilson said.

Mr. Wilson concluded, “I believe the rise in hybrid vishing is due to the increased scale that is possible with email vs. placing outbound calls. The scammers can reach more potential victims through email, and the less susceptible victims have already self-filtered themselves by not placing the initial call. 

For upcoming Trends reports, therefore, APWG will establish metrics for telephone-based phishing. As ever, APWG and its contributing members strive to maintain reporting that most ensures categorizational continuity over time. 

The full text of the Q4 2023 Trends report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2023.pdf