APWG Report: Phishing Smashes All Previous Records in Q3, 2021; Phishing Attacks Double Since Early 2020

Attacks Remain Costly, Rising and Maintaining Intensity of Focus Against Cryptocurrency Coins and Services Brands

Phishing Attacks  - Q3 2021 - Tops 260,000 in the Quarter

The APWG's new Phishing Activity Trends Report reveals that the APWG saw 260,642 phishing attacks in July 2021 - the highest monthly total observed since APWG began its reporting program in 2004.

Overall, the number of phishing attacks has doubled from early 2020.

APWG Senior Research Fellow Greg Aaron noted, "The number of phishing sites being reported to APWG is now ten times what it was ten years ago, back in late 2011. Phishing has not decreased as the online environment has evolved - it remains a dangerous, effective, and profitable activity for cybercriminals."

The number of targets being attacked by phishers - the banks, app providers, universities, and other entities that phishers imitate in order to fool victims - has continued to rise through 2021. In the early part of 2021 the number of targeted brands was just over 400, but topped 700 by the end of Q3 2021.

In the third quarter of 2021, APWG member OpSec Security reported that the software-as-a-service and webmail sector was the most frequently victimized by phishing, with 29.1 percent of all attacks. Attacks against financial institutions and payment providers continued to be numerous, and represented a combined 24.9 percent of all attacks. Phishing against cryptocurrency targets - such as cryptocurrency exchanges and wallet providers - settled at 5.6 percent of attacks.

Also in this report, contributing APWG member RiskIQ analyzed the use of domain names for phishing and found problems related to free domain names, while member Axur documented how phishing has recently increased in Brazil.

The full text of the report is available here:


About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative and founder/curator of the Symposium on Electronic Crime Research, the world's only peer-reviewed conference dedicated specifically to electronic crime studies. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: Abnormal, Accenture, Acronis, Afilias, AGARI, AhnLab, AT&T, Allure Security, AREA 1, AIT, appgate, Avast, Awayr AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, Bolster, BrandShield, Browlser, ByteDance, Canva, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, CYREN, Cyxtera, CZ.NIC, DigiCert, DNS Belgium, DomianTools, EBRAND, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GMS Securidad, GoDaddy Registry, Group-IB, Guidewire. Hitachi Systems, .ID, ICANN, Infoblox, Ingressum, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NAVER, Netcraft, NetSTAR, Noblis, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs, Proofpoint, Qintel, Rakuten, Recorded Future, Red Sift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec, SIDN, SlashNext, Sopos, SWITCH, Symantec, Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber Security, Webroot, workday, ZeroFOX, ZibaSec, ZIX, and zvelo.


For media inquiries related to the company-content of this report, please contact APWG Secretary General Peter Cassidy ([email protected], +1.617.669.1123);

Stefanie Wood at OpSec Security ([email protected]);

Angela Tuzzo of Agari ([email protected]);

Eduardo Schultze of Axur ([email protected],+55 51 3012-2987);

Stacy Shelley of PhishLabs ([email protected], +1.843.329.7824);

Holly Hitchcock of RiskIQ ([email protected]).

Source: APWG


Tags: AML, APWG, BEC, crimeware, cyber, cybercrime, cybersecurity, cybersecurityawareness, dnssec, smishing, vishing

Additional Images


View Website

Founded in 2003, the Anti-Phishing Working Group (APWG) is an international coalition of counter-cybercrime responders, forensic investigators, law enforcement agencies, technology companies, financial services firms, university researchers, NGOs and multilateral treaty organizations operating as a non-profit organization. Its directors, managers and research fellows advise national and sub-national governments as well as the United Nations (Office on Drugs and Crime) as recognized experts (as defined by the Doha Declaration of 2010 and Salvador Declaration of 2015) as well as multilateral bodies and organizations.

406 Waltham Street (246)
Lexington, MA 02421-7948
United States