Phishing threats were analyzed in a recent report by APWG. 

According to the report, fraudsters are increasingly calling potential victims directly, and luring them with text messages that may contain a phone number for the targeted subscriber to call. These phone-based methods are more immediate, and allow fraudsters to talk victims out of their sensitive information. 

The report also found that phone methods being blended with email to carry out targeted attacks known as Business Email Compromise (BEC) attacks. These attacks can be especially costly: Fortra found that scammers requested an average of $89,520 per attempt in Q2 2024.

When fraudsters use email, they prefer to use free email services. Fortra found that 72% of Business Email Compromise (BEC) attacks in Q2 2024 were launched using a free webmail domain. The remaining 28% of BEC attacks utilized a combination of maliciously registered domains and compromised email accounts. Google’s Gmail was by far the most popular free webmail provider for BEC scammers, used for 72.4% of the free webmail accounts that scammers set up for BEC scams in Q2 2024.

The report also reveals that in Q2 2024, APWG observed 877,536 phishing attacks, decreasing from 963,994 attacks in the first quarter of 2024.

Download the report.