APWG REPORT: Phishing Attacks Double in 2020 and October Shatters All-Time Monthly Records

Successful Busineess E-mail Compromise Attacks Become 56 Percent More Costly

Phishing Attacks Double in 2020 and October Shatters All-Time Monthly Records

The APWG's new Phishing Activity Trends Report reveals that the number of phishing attacks observed by APWG members grew through 2020, fully doubling over the course of the year. Attacks peaked in October 2020, with a high of 225,304 new phishing sites appearing in that month alone, breaking all previous monthly records.

In Brazil, security firm Axur saw a slower growth in the number of phishing attacks that targeted Brazilian companies and consumers in Brazil. But overall, Axur observed almost twice as many such phishing sites in 2020 as it did in 2019, a concerning year-over-year growth.

APWG contributor OpSec Security found that phishing that targeted financial institutions was the largest category of phishing in the fourth quarter, at 22.5 percent of all attacks. This category nosed out webmail and Software-as-a-Service (SaaS), which experienced 22.2 percent of all attacks. Phishing against the social media sector declined slightly to 11.8 percent, even as social media usage was high during the U.S. presidential election. In Brazil, Axur found that phishing against e-commerce sites constituted 45 percent of phishing attacks, perhaps taking advantage of consumers who are staying at home and using online shopping during the COVID-19 pandemic.

APWG contributor Agari continued to track "business email compromise" (BEC) attacks, one of the most damaging types of Internet crimes. BEC attacks that sought wire transfers from victim companies sought an average of $75,000 - a 56 percent increase from $48,000 in the third quarter of 2020. This increase is primarily due to a resurgence in BEC campaigns from "Cosmic Lynx," a sophisticated Russian-based crime group. Agari observed one BEC attack in progress in which the wire transfer request was for a whopping $999,600.

RiskIQ analyzed the use of domain names for phishing. "It appears that most of the domain names used for phishing are not compromised infrastructure, but are malicious domain name registrations created by the threat actors themselves," said Jonathan Matkowsky of RiskIQ's Incident Investigation and Intelligence (i3) team. Both RiskIQ and Agari saw these kinds of criminal domain name registrations were concentrated at a few registrars and in a few top-level domains.

Phishers are also deploying encryption to fool users into thinking that phishing sites are legitimate and safe. APWG contributor PhishLabs found that in the fourth quarter of 2020, 84 percent of phishing sites had SSL encryption enabled. Encryption is deployed on phishing sites more often than on regular web sites: SSL is currently found on only 66.8 percent of all web sites across the Internet.

The full text of the report is available here: http://docs.apwg.org/reports/apwg_trends_report_q4_2020.pdf

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative https://education.apwg.org/safety-messaging-convention and founder/curator of the eCrime Researchers Summit, the world's only peer-reviewed conference dedicated specifically to electronic crime studies https://ecrimeresearch.org/ecrime-symposium. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: AhnLab, Area 1, AT&T (T), ACRONIS, Afilias, Allure Security, Amazon Web Services (AMZN), AnchorFree, Avast!, AVG Technologies, AWAYR AI, Axur, Baidu Antivirus, Barracuda Networks, BillMeLater, Bkav, Bolster, BrandMail, BrandProtect, Bsecure Technologies, ByteDance, CSC Digital Brand Services, Check Point Software Technologies, CipherTrace, Claro, Cloudmark, Cofense, Comcast, CrowdStrike, CSIRTBANELCO, Cyxtera, Cyber Defender, CYREN, Cyveillance, Cyxtera, DNS Belgium, DigiCert, Domain Tools, Donuts, Duo Security, Easy Solutions, PayPal, eCert, EC Cert, ESET, EST Soft, Facebook (FB), FeelSafe Digital, FEBRABAN, Fortinet, FraudWatch International, F-Secure, GMS, GetResponse, GlobalSign, GoDaddy, Group-iB, Hauri, Hitachi Systems, Ltd., Huawei, Hyas, ICANN, Identity Guard, Illumintel, Infoblox (BLOX), IronPort (Cisco), Ingressum, Intel (INTC), Interac, IT Matrix, iThreat Cyber Group, iZOOlogic, Kaspersky Lab, KnowBe4, LaCaixa, Lenos Software, LINE, LookingGlass, MX Tools, MailChannels, MailJet, MailChimp, MailShell, MailUp, Microsoft (MSFT), MicroWorld, Mimecast, Mirapoint, NHN, MyPW, nProtect Online Security, Netcraft, NetSTAR/ALSI Group, Network Solutions, NeuStar (NSR), Nominet, Nominum, NZRS Limited, OpSec Security, PANDI, Palo Alto Networks, Public Interest Registry, Phishlabs, Planty.net, Prevalent, Prevx, Proofpoint, PSafe, RSA Security (EMC), Rakuten, RedMarlin, RedSift, Return Path, RiskIQ, RuleSpace, Qintel, SalesForce, SecureBrain, Secutec, SegaSec, SendGrid, S21sec, SIDN, SilverPop, SiteLock, SnoopWall, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec, TDS Telecom, TNO, Telefonica (TEF), Thomsen Trampedach, ThreatSTOP, TransCreditBank, Trend Micro (TMIC), Trustwave, UITSEC, Vasco (VDSI), VADE-RETRO, VeriSign (VRSN), Viettel Cyber Security, VILSOL, Webroot, Wombat Security Technologies, Workday, ZIX, and zvelo.


For media inquiries related to the APWG, please contact:

APWG Secretary General Peter Cassidy ([email protected], +1.617.669.1123). 

Or for company-specific content related to this release, please contact:

Stefanie Ellis at OpSec Security ([email protected]);

Jean Creech of Agari ([email protected], +1.650.627.7667);

Eduardo Schultze of Axur ([email protected],+55 51 3012-2987);

Stacy Shelley of PhishLabs ([email protected], +1.843.329.7824);

Kari Walker of RiskIQ ([email protected], +1.703.928.9996).

Source: APWG


Tags: BEC, cybercrime, cybersecurityawareness, ecrime, malware, phishing, ransomware, sextortion, spearphishing

Additional Images

Additional Links


View Website

Founded in 2003, the Anti-Phishing Working Group (APWG) is an international coalition of counter-cybercrime responders, forensic investigators, law enforcement agencies, technology companies, financial services firms, university researchers, NGOs and multilateral treaty organizations operating as a non-profit organization. Its directors, managers and research fellows advise national and sub-national governments as well as the United Nations (Office on Drugs and Crime) as recognized experts (as defined by the Doha Declaration of 2010 and Salvador Declaration of 2015) as well as multilateral bodies and organizations.

406 Waltham Street (246)
Lexington, MA 02421-7948
United States