Application security, Threat Management, Incident Response, Malware, TDR

APWG report: Phishing surges by 250 percent in Q1 2016


The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004, according to the anti-cybercrime coalition's Q1 Phishing Activity Trends Report. In keeping with those findings, the APWG reported that the number of phishing websites it detected jumped a startling 250 percent between October 2015 and March 2016.

While a brief spike in phishing incidents was expected in December 2015 due to the usual holiday-timed phishing scams, the continued surge of attacks came as a surprise, as APWG detected a record 289,371 unique phishing websites in Q1, 123,555 of which were found in March 2016 alone. In contrast, only 44,575 unique phishing sites were identified in November 2015.

“The sustained increase into 2016 shows phishers launching more sites, and is cause for concern,” said Greg Aaron, APWG senior research fellow and vice president of iThreat Cyber Group, in a press release.  

Unique phishing campaigns – in which multiple users receive emails with a common subject line, directing them to a specific phishing site – also jumped from just under 100,000 in January to nearly 230,000 in both February and March.

“This large spike reported in phishing sites and BEC [Business Email Compromise] attacks is no surprise as cybercriminals are becoming bolder and bolder, using social media and web infrastructure to create attacks that are more sophisticated and more effectively targeted,” said Roberto Drassinower, CEO and president of cyberthreat detection and mitigation firm BrandProtect, in an emailed statement to

The APWG report also included several malware-related phishing statistics collected by research partner PandaLabs, which uncovered more than 20 million new malware samples in Q1, almost 67 percent of which were classified as trojans.

“Globally, attackers using phishing techniques have become more aggressive in 2016, with keyloggers that have sophisticated tracking components to target specific information, and organizations such as retailers and financial institutions that top the list,” Chairman Dave Jevans said in the APWG release.

Throughout the quarter, the U.S. continued to be the nation hosting the top number of phishing sites, while China was the most malware-infected country. The retail industry was the most targeted sector.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.