Webinar: Role Based AI in One Click: Train, Deploy, and Use Across any Channel | December 17 at 11 AM EST.
Register Now

Phishing Attacks REALLY Down?

Updated on October 10, 2022, by Xcitium

Phishing Attacks REALLY Down?

Are Phishing Attacks REALLY Down?

There is a recent study by the “Anti Phishing Working Group” (APWG) being widely reported that phishing attacks were down 20% in 2012.

When I first read about this I thought,
“They HAVE to be kidding!”

There is a flood of other stories that contradict such a finding, including numerous reports of high profile attacks. Last week, in fact, we learned that a Syrian group had a successful email phishing attack on White House staffers. A member of the “Syrian Electronic Army” (SEA), supporters of dictator Bashar al-Assad, proudly distributed screen prints of White House staffer Erin Lindsey’s Gmail account emails. Ms. Lindsey made the mistake of clicking on a link in a faux email from the SEA.

American Banker Magazine this week is reporting on a “spike” in email phishing that targets bank customers. I can testify that I get emails almost every day about my accounts at Banks I don’t use!

Yet, the APWG is a reputable group supported by many of the biggest names in Internet Security and corporate America. How can we reconcile this?

First, if there has been a decline in phishing attacks in 2012 it is the context of a dramatic rise in recent years. There is no standard metric, but there is every indication that email phishing scams have been booming. Even a 20% decline would leave a lot of phishing going on. Second, an important metric in the report is a decline in the number of compromised servers being used in phishing scams. The scammers seize control of a server hosting multiple domains and then create phishing pages for each domain.

In recent years that has been a significant decline in storage costs and processing power. Just last year my own internet host increased the available storage in my web site plan from 300gb to 1tb without increasing my plan cost. It was 30mb when I first started with them in 2003!

This has made it possible to host more domains per server. It is likely that a decline in the number of servers compromised does not translate to the same percentage of domains compromised. They may also be using compromised servers for other nasty purposes, such as spamming and botnets.

Even if the total volume of phishing is down as the AFWG report also asserts, there is every reason to believe that it is because they are becoming more targeted, more selective. There may be fewer mass mailings with low probabilities of success and more sophisticated attacks that actually victimize their targets. That would explain why the volume could be down but we are reading about more and more successful high profile attacks.

In support of my theory I found a report by the German Internet Security firm Eleven Research that found email spam declining in 2012 but the “threat level” increasing. That’s because email spam and phishing attacks have become far more target and much more dangerous. Drive by email, where the email entices the victim to click on a link and download malware, was 10% of all email span. This is an all-time high as a percentage of spam.

Eleven Research also asserts that a higher percentage of phishing is “spear phishing” than ever before. A spear phishing attack targets particular individuals and organizations, as opposed to mass mailings that count on a small percentage of a volume to be duped. Orchestrator’s of spear phishing attacks use internet sources including social media to learn about a victim and their colleagues to craft emails that appear convincingly legitimate.

I wouldn’t click on the link in an email from a South African barrister handling the estate of a possible relative. However, I just might for a webinar that my company is actually planning that appears to come from a co-worker.

Scammers have found social media a treasure trove of information to use in targeted attacks, and they are becoming more sophisticated. SpiderLabs, the penetration testing division of the security firm TrustWave, has unveiled a tool that analyzes an individual’s Twitter content and can assist in creating writing that appears to come from that individual. It coaches the actual writer on the style and content that would be expected from the purported author. There are indications that such tools are already in use by hackers.

Regardless of the volume of attacks, Eleven Research has it right. The threat level is increasing!

See our Unified Zero Trust (UZT) Platform in Action
Request a Demo

Protect Against Zero-Day Threats
from Endpoints to Cloud Workloads

Product of the Year 2025
Newsletter Signup

Please give us a star rating based on your experience.

1 Star2 Stars3 Stars4 Stars5 Stars (7 votes, average: 2.29 out of 5)
Expand Your Knowledge
Cybersecurity Vs Information Security
Cybersecurity Vs Information Security – Are They Different?

People utilize search engines to confirm their queries and get convincing answers. However, in the s...
What Does ERM Mean
What Does ERM Mean? Unlocking Enterprise Risk Management for Secure Growth

Ever asked yourself what does ERM mean and how it applies to your organization? ERM stands for Enter...
What is an LLM
What Is an LLM? A Beginner-to-Expert Guide for Business and Tech Leaders

Have you noticed the surge in conversations about AI tools like ChatGPT and other advanced models? B...
How to Access the BIOS
How to Access the BIOS: Step-by-Step Guide for IT Pros

Have you ever needed to change your PC’s boot order, enable virtualization, or troubleshoot at...
Meaning Of Ransomware
Meaning Of Ransomware

In February 2020, residents of Redcar and Cleveland Borough, UK woke up to strange news. Cyber attac...
What is a VPN
Introduction: Why You Should Understand VPNs in 2025

With remote work, cybercrime, and digital surveillance on the rise, maintaining online privacy has n...
mdr-for-microsoft
🚀 MDR for Microsoft: The Complete Conversational Guide to Modern Threat Protection (2026)

Cyberattacks are getting smarter, faster, and more aggressive every year. Even companies using Micro...
AWS What is it
AWS: What Is It and Why It Matters for Businesses

If you’ve ever wondered “AWS what is it and why is it everywhere?”, you’re not alone. Amazon...
what is lora
What Is LoRa? The Complete 2026 Guide for IT Managers, Cybersecurity Teams & Business Leaders

If you’re exploring modern IoT security or looking to scale low-power devices across your orga...
What is an API
Introduction: Why APIs Matter More Than Ever

Have you ever wondered how your mobile banking app pulls real-time account data or how a third-party...
how do i update a pivot table
How Do I Update a Pivot Table: A Complete Step-by-Step Guide

Have you ever refreshed your Excel pivot table only to find the numbers don’t match your updated d...
What Is Spear Phishing
What Is Spear Phishing? How to Spot and Stop Targeted Attacks

What is spear phishing, and why is it one of the most dangerous forms of cyberattacks today? While t...

By clicking “Accept All" button, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookie Disclosure

Manage Consent Preferences

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.