We’ve noted in previous CSC studies1, 2, 3 that phishing continues to be an extremely popular threat vector with bad actors and shows no signs of subsiding—in part, because of the COVID-19 pandemic and the rise in popularity of remote working. Indeed, the most recent figures from the Anti-Phishing Working Group (APWG)4, 5 show that the numbers of phishing attacks are higher than ever before, with the quarterly total of identified unique phishing attacks exceeding 1 million for the first time in Q1 2022, and over 600 distinct brands attacked each month.
Figure 1:Total monthly numbers of unique phishing attacks from Q1 2018 to Q2 2022, as reported by APWG6
An earlier report by APWG7 noted that over 80% of phishing sites were found to be employing secure socket layers (SSL) or transport layer security (TLS) certificates (allowing use of HTTPS)—an increase from around 5% at the end of 2016—and 90% of these certificates had been issued by free providers, such as cPanel and Let’s Encrypt.
Furthermore, Interisle’s 2022 Phishing Landscape study8, 9 reported the detection of over 1.1 million phishing attacks between April 2021 and April 2022, with over 2,000 brands targeted, but the majority targeting just 10 top ..
Support the originator by clicking the read the rest link below.
