1. 33% of breaches included social attacks. - Verizon Data Breach Investigations Report (DBIR) 2019
2. 65% of attacker groups used spear phishing as the primary infection vector. - Symantec Internet Security Threat Report (ISTR) 2019
3. 29% of breaches involved use of stolen credentials. - Verizon Data Breach Investigations Report (DBIR) 2019
4. 48% of malicious email attachments are Office files. - Symantec Internet Security Threat Report (ISTR) 2019
5. 94% of malware was delivered via email. - Verizon Data Breach Investigations Report (DBIR) 2019
6. 32% of breaches involve phishing. - Verizon Data Breach Investigations Report (DBIR) 2019
7. 64% of organizations have experienced a phishing attack in the past year. - Check Point Research Security Report 2018
8. 22% of organizations see phishing as their greatest security threat. - EY Global Information Security Survey 2018
9. 77% of IT professionals feel their security teams are unprepared for today’s cybersecurity challenges. - Check Point Research Security Report 2018
10. 34% of organizations see careless or unaware employees as a vulnerability. - EY Global Information Security Survey 2018
11. 59% of phishing attacks in the Americas relate to finance. - NTT Security Global Threat Intelligence Report 2018
12. 85% of organizations say their security reporting does not meet their expectations. - EY Global Information Security Survey 2018
13. 59% of companies consider ransomware to be their biggest threat. - Check Point Research Security Report 2018
14. 70% of breaches associated with a nation-state or state-affiliated actors involved phishing. - Verizon Data Breach Investigations Report (DBIR) 2018
15. 71.4% of targeted attacks involved the use of spear-phishing emails. - Symantec Internet Security Threat Report 2018
16. 66% of malware is installed via malicious email attachments. - Verizon Data Breach Investigations Report (DBIR) 2017
17. 49% of non-point-of-sale malware was installed via malicious email. - Verizon Data Breach Investigations Report (DBIR) 2018
18. 43% of all breaches included social tactics. - Verizon Data Breach Investigations Report (DBIR) 2017
19. 93% of social attacks were phishing related. - Verizon Data Breach Investigations Report (DBIR) 2017
20. 64% of organizations have experienced a phishing attack in the past year. - Check Point Research Security Report - 2018
21. 28% of phishing attacks are targeted. - Verizon Data Breach Investigations Report (DBIR) 2017
22. 21% of ransomware involved social actions, such as phishing. - Verizon Data Breach Investigations Report (DBIR) 2017
23. Finance faced 59% of phishing attacks in the Americas. - NTT Security Global Threat Intelligence Report 2018
24. 74% of cyber-espionage actions within the public sector involved phishing. - Verizon Data Breach Investigations Report (DBIR) 2018
25. 82% of manufacturers have experienced a phishing attack in the past year. - Check Point Research Security Report 2018
26. 17% of breaches were social attacks. - Verizon Data Breach Investigations Report (DBIR) 2018
27. 90% of incidences and breaches included a phishing element. - Verizon Data Breach Investigations Report (DBIR) 2017
28. In 2016, 89% of all attacks involve financial or espionage motivations. - Verizon Data Breach Investigations Report (DBIR) 2016
29. 30% of phishing messages were opened in 2016 – up from 23% in the 2015 report. - Verizon Data Breach Investigations Report (DBIR) 2016
30. 95% of breaches and 86% of security incidents fall into nine patterns. - Verizon Data Breach Investigations Report (DBIR) 2016
31. 70% of cyber attacks use a combination of phishing and hacking. - Verizon Data Breach Investigations Report (DBIR) 2016
32. 63% of confirmed data breaches involved weak, default or stolen passwords. - Verizon Data Breach Investigations Report (DBIR) 2016
33. The top 3 industries affected by security incidents are public, information and financial services. - Verizon Data Breach Investigations Report 2015
34. 50% of recipients open e-mails and click on phishing links within the first hour of being sent. - Verizon Data Breach Investigations Report 2015
35. Almost half of all phishing attacks registered in 2016 were aimed at stealing victim’s money. - Kaspersky Lab Report 2016
36. Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc. - Kaspersky Lab Report 2016
37. Email phishing rate is 1 in 1,846. - Symantec Internet Security Threat Report 2016
38. 34.9% of all spear-phishing e-mail was directed at an organization in the financial industry. - Symantec Internet Security Threat Report 2016
39. The number of spear-phishing campaigns targeting employees increased by 55%. - Symantec Internet Security Threat Report 2016
The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website at https://apwg.org, and by e-mail submissions. APWG also measures the evolution, proliferation, and propagation of crimeware by drawing from the research of our member companies.
Phishing Attack Trends Report – 3Q 2020
Anti-Phishing Working Group – Released November 24, 2020
Phishing Attack Trends Report – 2Q 2020
Anti-Phishing Working Group – Released May 11, 2020
Phishing Attack Trends Report – 1Q 2020
Anti-Phishing Working Group – Released May 11, 2020
Phishing Attack Trends Report – 4Q 2019
Anti-Phishing Working Group – Released November 4, 2019
Phishing Attack Trends Report – 3Q 2019
Anti-Phishing Working Group – Released November 4, 2019
Phishing Attack Trends Report – 2Q 2019
Anti-Phishing Working Group – Released Sept 12, 2019
Phishing Attack Trends Report – 1Q 2019
Anti-Phishing Working Group – Released May 15, 2019
Phishing Attack Trends Report – 4Q 2018
Anti-Phishing Working Group – Released Mar 04, 2019
Phishing Attack Trends Report – 3Q 2018
Anti-Phishing Working Group – Released Dec 12, 2018
Phishing Attack Trends Report – 2Q 2018
Anti-Phishing Working Group – Released Oct 18, 2018
Phishing Attack Trends Report – 1Q 2018
Anti-Phishing Working Group – Released July 31, 2018
Phishing Attack Trends Report – 4Q 2017
Anti-Phishing Working Group – Released May 15, 2018
Phishing Attack Trends Report – 3Q 2017
Anti-Phishing Working Group – Released Feb 27, 2018
Phishing Attack Trends Report – 1H 2017
Anti-Phishing Working Group – Released Oct 17, 2017
Phishing Attack Trends Report – 4Q 2016
Anti-Phishing Working Group – Released Feb 22, 2017
Phishing Attack Trends Report – 3Q 2016
Anti-Phishing Working Group – Released Dec 21, 2016
Phishing Attack Trends Report – 2Q 2016
Anti-Phishing Working Group – Released Oct 03, 2016
Phishing Attack Trends Report – 1Q 2016
Anti-Phishing Working Group – Released May 24, 2016
Phishing Attack Trends Report – 4Q 2015
Anti-Phishing Working Group – Released March 22, 2016
Phishing Attack Trends Report – 1Q-Q3 2015
Anti-Phishing Working Group – Released December 23, 2015
Phishing Attack Trends Report – 4Q 2014
Anti-Phishing Working Group – Released April 29, 2015
Phishing Attack Trends Report – 3Q 2014
Anti-Phishing Working Group – Released March 30, 2015
Phishing Attack Trends Report – 2Q 2014
Anti-Phishing Working Group – Released Aug 29, 2014
Phishing Attack Trends Report – 1Q 2014
Anti-Phishing Working Group – Released Jun 23, 2014
Phishing Attack Trends Report – 4Q 2013
Anti-Phishing Working Group – Released Apr 27, 2014
Phishing Attack Trends Report – 3Q 2013
Anti-Phishing Working Group – Released Feb 07, 2014
Phishing Attack Trends Report – 2Q 2013
Anti-Phishing Working Group – Released Nov 06, 2013
Phishing Attack Trends Report – 1Q 2013
Anti-Phishing Working Group – Released July 30, 2013
Phishing Attack Trends Report – 4Q 2012
Anti-Phishing Working Group – Released April 24, 2013
Phishing Attack Trends Report – 3Q2012
Anti-Phishing Working Group – Released February 1, 2013
Phishing Attack Trends Report – 2Q 2012
Anti-Phishing Working Group – Released September 12, 2012
Phishing Attack Trends Report – 1Q 2012
Anti-Phishing Working Group – Released July 19, 2012
Phishing Attack Trends Report – 2H 2011
Anti-Phishing Working Group – Released May 25, 2012
Phishing Attack Trends Report – 1H 2011
Anti-Phishing Working Group – Released Dec 23, 2011
Phishing Attack Trends Report – 2H 2010
Anti-Phishing Working Group – Released Jul 31, 2011
Phishing Attack Trends Report – Q2 2010
Anti-Phishing Working Group – Released Jan 26, 2010
Phishing Attack Trends Report – Q1 2010
Anti-Phishing Working Group – Released Sept 23, 2010
Phishing Attack Trends Report – Q4 2009
Anti-Phishing Working Group – Released Mar 05, 2010
Phishing Attack Trends Report – Q3 2009
Anti-Phishing Working Group – Released Jan 13, 2010
Phishing Attack Trends Report – First Half 2009
Anti-Phishing Working Group – Released Sept 27, 2009
Phishing Attack Trends Report – Second Half 2008
Anti-Phishing Working Group – Released Mar 17, 2009
Phishing Attack Trends Report – Second Quarter 2008
Anti-Phishing Working Group – Released Dec 8, 2008
Phishing Attack Trends Report – First Quarter 2008
Anti-Phishing Working Group – Released Aug 29, 2008
Note: Starting in 2008 the APWG began generating it’s phishing trends report on a quarterly and annual bases. This longer term view will allow time for better analysis to asses trends in electroinic crime and phishing.
Phishing Attack Trends Report – January 2008
Anti-Phishing Working Group – Released Mar 3, 2008
Phishing Attack Trends Report – December 2007
Anti-Phishing Working Group – Released Mar 3, 2008
Phishing Attack Trends Report – November 2007
Anti-Phishing Working Group – Released Jan 25, 2008
Phishing Attack Trends Report – October 2007
Anti-Phishing Working Group – Released Jan 7, 2008
Phishing Attack Trends Report – September 2007
Anti-Phishing Working Group – Released Dec 17, 2007
Phishing Attack Trends Report – August 2007
Anti-Phishing Working Group – Released Nov 19, 2007
Phishing Attack Trends Report – July 2007
Anti-Phishing Working Group – Released Oct 18, 2007
Phishing Attack Trends Report – Jun 2007
Anti-Phishing Working Group – Released Sept 3, 2007
Phishing Attack Trends Report – May 2007
Anti-Phishing Working Group – Released July 8, 2007
Phishing Attack Trends Report – April 2007
Anti-Phishing Working Group – Released May 23 2007
Phishing Attack Trends Report – March 2007
Anti-Phishing Working Group – Released May 14 2007
Phishing Attack Trends Report – February 2007
Anti-Phishing Working Group – Released April 11 2007
Phishing Attack Trends Report – January 2007
Anti-Phishing Working Group – Released March 2007
Phishing Attack Trends Report – December 2006
Anti-Phishing Working Group – Released February 2007
Phishing Attack Trends Report – November 2006
Anti-Phishing Working Group – Released January 2007
Phishing Attack Trends Report – Sept/Oct 2006
Anti-Phishing Working Group – Released December 2006
Phishing Attack Trends Report – August 2006
Anti-Phishing Working Group – Released October 2006
Phishing Attack Trends Report – July 2006
Anti-Phishing Working Group – Released September 2006
Phishing Attack Trends Report – June 2006
Anti-Phishing Working Group – Released August 2006
Phishing Attack Trends Report – May 2006
Anti-Phishing Working Group – Released June 2006
Phishing Attack Trends Report – April 2006
Anti-Phishing Working Group – Released May 2006
Phishing Attack Trends Report – March 2006
Anti-Phishing Working Group – Released May 2006
Phishing Attack Trends Report – February 2006
Anti-Phishing Working Group – Released April 2006
Phishing Attack Trends Report – January 2006
Anti-Phishing Working Group – Released March 2006
Phishing Attack Trends Report – December 2005
Anti-Phishing Working Group – Released Feb , 2006
Phishing Attack Trends Report – November 2005
Anti-Phishing Working Group – Released Jan 09, 2006
Phishing Attack Trends Report – October 2005
Anti-Phishing Working Group – Released Dec 13, 2005
Phishing Attack Trends Report – September 2005
Anti-Phishing Working Group – Released Nov 15, 2005
Phishing Attack Trends Report – August 2005
Anti-Phishing Working Group – Released Sept 10, 2005
Phishing Attack Trends Report – July 2005
Anti-Phishing Working Group – Released June 21, 2005
Phishing Attack Trends Report – June 2005
Anti-Phishing Working Group – Released June 21, 2005
Phishing Attack Trends Report – May 2005
Anti-Phishing Working Group – Released May 28, 2005
Phishing Attack Trends Report – April 2005
Anti-Phishing Working Group – Released April 22, 2005
Phishing Attack Trends Report – March 2005
Anti-Phishing Working Group – Released March 27, 2005
Phishing Attack Trends Report – February 2005
Anti-Phishing Working Group – Released March 24, 2005
Phishing Attack Trends Report – January 2005
Anti-Phishing Working Group – Released February 24, 2005
Phishing Attack Trends Report – December 2004
Anti-Phishing Working Group – Released January 20, 2005
Phishing Attack Trends Report – November 2004
Anti-Phishing Working Group – Released December, 2004
NOTE: Starting with the August-October 2004 Phishing Attack Trends Report, a secondary way of tracking phishing attacks was added to the methodology. We now track unique email lures and unique data collection server sites. See the reports for more details.
Phishing Attack Trends Report – August-October 2004
Anti-Phishing Working Group – Released November, 2004
Phishing Attack Trends Report – July 2004
Anti-Phishing Working Group – Released August, 2004
Phishing Attack Trends Report – June 2004
Anti-Phishing Working Group – Released July, 2004
Phishing Attack Trends Report – May 2004
Anti-Phishing Working Group – Released June, 2004
Phishing Attack Trends Report – April 2004
Anti-Phishing Working Group – Released May, 2004
Phishing Attack Trends Report – March 2004
Anti-Phishing Working Group – Released Apr, 2004
Phishing Attack Trends Report – February 2004
Anti-Phishing Working Group – Released Mar, 2004
Special Report on Phishing – March 2004
United States Department of Justice – Released Mar, 2004
Phishing Attack Trends Report – January 2004
Anti-Phishing Working Group – Released Feb, 2004
© All rights reserved | USForward