20 May APWG Q1 Report: Phone-Based Phishing Grows Explosively, Shifting the Cybercrime Threatscape
Phone-Based Frauds Allow Scammers to Engage with Victims More Personally
The APWG’s new Phishing Activity Trends Report reveals that phishing attacks using phone calls and text messages have grown unchecked for the past two years, shifting the cybercrime threatscape increasingly toward abuse of telephone services and infrastructure. Phone numbers used for fraud represented more than 20 percent of all fraud-related assets that APWG member OpSec identified in Q1 2024.
Scammers are markedly and steadily expanding their deployment of vishing – where fraudsters call potential victims, and smishing – where fraudsters advertise the URLs of phishing sites in SMS and text messages. And in hybrid phishing a phisher sends an email or text that requests that the recipient call a phone number. This allows a scammer to talk directly with potential victims and manipulate them first-hand.
“At OpSec, we started to see vishing and smishing take off in early 2021,” said Matthew Harris, Senior Product Manager, Fraud at OpSec, and a long-time APWG report contributor. “Phishing that uses email lures is being hampered by advanced filtering technologies and sending requirements, making it more difficult for scammers to get their emails into victim in-boxes. Contrast this with phone calls, which go directly to a user with very little filtering,” said Harris. “Phone calls are more engaging. A live person is calling the victim, interacting with them, and has a chance to gain the victim’s trust—or has a chance to alarm and confuse the victim and trick them.”
APWG contributing member Fortra has observed something similar in recent years. “Hybrid vishing, which we rarely saw before 2023, made up 5.6 percent of Fortra’s engagements in the first quarter of 2024,” said John Wilson, Senior Fellow, Threat Research at Fortra.
“The hybrid vishing attacks we track typically begin as an email indicating the recipient has been charged for a product or service,” said Wilson. “The messages instruct the recipient to call a phone number if they wish to cancel their order and obtain a refund. Norton/LifeLock was the most popular brand used as a lure in these attacks, mentioned in 32 percent of the hybrid vishing messages we encountered in Q1 2024.”
The report also reveals that in Q1 2024, APWG observed 963,994 phishing attacks. After highs in early 2023, the number of attacks per month has been stable from June 2023 through March 2024. Social media platforms were the most frequently attacked sector in Q1 2024, targeted by 37.4 percent of all phishing attacks, followed by software-as-a-service and webmail companies, at 21 percent. Phishing against the banking segment continued to fall, down to 9.8 percent in Q1 2024.
APWG’s assessment is that the availability of high-fidelity voice and video samples on the Web, intimate personal information on social media, and personal financial data sold in dark-web markets will make it increasingly easier for cybergangs to use AI to create uniquely potent scams.
“Ours is a new epoch in cybercrime’s evolution. Technologies that would have been science fiction when phishing initially besieged bank brands 20 years ago are now readily available to cybercrime gangs – and they have the wherewithal and expertise to use them for undetectable spoofs,” said APWG Secretary General Peter Cassidy. “Consumers and employees everywhere need to ask themselves: just who do you think you’re talking/texting to?”
The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q1_2024.pdf
Media Contacts
For media inquiries related to the APWG, please contact APWG Secretary General Peter Cassidy (pcassidy@apwg.org, +1.617.669.1123). Or for company-specific content related to this release, please contact: Anil Prasad at Abnormal Security (www.abnormalsecurity.com/contact), Stefanie Wood Ellis of OpSec Security (sellis@opsecsecurityonline.com); Rachel Woodford of Agari (Rachel.Woodford@helpsystems.com), Eduardo Schultze of Axur (eduardo.schultze@axur.com,+55 51 3012-2987); Stacy Shelley of PhishLabs (stacy@phishlabs.com, +1.843.329.7824); Holly Hitchcock of RiskIQ (holly@frontlines.io).
About the APWG
Founded in 2003, the Anti-Phishing Working Group (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide. APWG’s apwg.org and stopthinkconnect.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and manager of the global STOP. THINK. CONNECT. campaign, most recently deployed as the national cybersecurity awareness campaign of Argentina, and founder/curator of the Symposium on Electronic Crime Research, the world’s only peer-reviewed, published conference dedicated specifically to electronic crime studies (https://ecrimeresearch.org/ecrime-symposium/). APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG’s corporate sponsors are: AI Spera, Acronis, Adobe, AhnLab, AT&T, Arteria Communications, Allure Security, AREA 1, AIT, appgate, Apple, Asurion Insurance Services, Avast, Away AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, BanCERT, Bolster, Booz Allen Hamilton, BrandShield, Browlser, ByteDance, CHT Security, Canva, Central Bank of Jordan, Check Point, Cipherbit (Grupo Oesia), Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CrowdStrike, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, Cyble, CYREN, Cyxtera, CZ.NIC, DS Lab, DigiCert, dmarcian, DNS Filter, DNS Belgium, EBRAND, Entrust Datacard, ESET, FirstRand, Fortinet, Fortra, FraudWatch, GetResponse, GMS Securidad, Group-IB, Guidewire, Hitachi Systems, .ID, ICANN, Identity Digital, Infoblox, Ingressum, INKY Technology Company, IQ Global, Kaspersky, KnowBe4, Lenos Software, LinkedIn, LINE, Looking Glass, LSEC, Material Security, McAfee, Meta, Mimecast, NCA, NAVER, Netcraft, NetSTAR, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, Proofpoint, Public Interest Registry (PIR), Qintel, Rakuten, Recorded Future, Redsift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec, Seven & i Holdings, Co. Ltd, SHRESHTA, SIDN, SlashNext, Sophos, Spamhaus Technology, SWITCH, Symantec, Telefonica, TEMU, Tessian, Thomsen Trampedach, ThreatSTOP, TNO, Tracer, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber Security, WMC Global, Webroot, workday, ZeroFOX, ZibaSec, Zimperium, YARXIX, ZIX, .XYZ, and zvelo.