Phishing Attacks Hit An All Time High - 1 million attacks in Q1 2022

According to the Q1 2022 report by the Anti Phishing Working Group (APWG), the first quarter of the year saw phishing attacks hit a record high, exceeding 1 million for the first time.

A phishing attack is a type of social engineering that attempts to entice someone into performing a harmful action or divulging confidential information via email.

To combat this, spam filters are often used, and while they will successfully identify and stop many of these emails, newer and more sophisticated types will often bypass even the most advanced filters.

In 2021, an estimated 94% of all malware and ransomware were delivered by email, with the primary goals likely being sensitive information compromise.

In this blog, we give a rundown of the latest phishing statistics and facts from the APWGs ‘Phishing activity trends reports’ for the first quarter of 2022.

Summary of Q1 phishing trends

1. Phishing attacks Phishing attacks on the financial sector, including banks accounted for 23.6% of phishing attacks in the first quarter. The financial sector was followed closely by SaaS and Webmail at 20.5%.

2. Ransomware attacks Whilst the majority of sectors saw a decrease in the number of ransomware attacks, those in the financial sector saw a 35% increase in the number of attacks in Q1.

3. Credential Theft Credential theft phishing against enterprise users increased to 7% in Q1. This is up to nearly 59% of all phishing emails sent.

4. Social Media Impersonation The impersonation of corporate executives on social media has increased to 47%, from 27% in the previous quarter.

Summary of Q1 phishing trends

The first quarter of 2022 saw the highest number of phishing attacks observed since APWG began recording quarterly statistics.

This number has tripled since 2020 when the group recorded phishing attacks totalling between 68,000 and 94,000 per month.

January February March
Number of unique phishing Web sites (attacks) detected 331,698 309,979 384,291
Unique phishing email subjects 15,275 14,176 24,187
Number of brands targeted by phishing campaigns 608 621 673

Main target industries for phishing attacks

As mentioned previously the highest number of phishing attacks were targeted at the financial sector (23.6%), followed by SaaS and Webmail at 20.5%.

Following on from this:

  • Retail and eCommerce reduced to 14.6% from 17.3% in Q4 of 2021.
  • Phishing against social media increased to 12.5%, from 8.5% in Q4 2021.
  • Phishing against cryptocurrency exchanges reached 6.5%


Ransomware is a type of malware that infects systems and networks, blocking access to data by encrypting it until the victim pays a ransom to the malicious hacker.

Take a look at our blog, ‘Anatomy of a ransomware attack’, to learn more about the process of a ransomware attack and how to defend against it.

Ransomware delivered by phishing campaigns

Overall the number of ransomware attacks delivered by phishing campaigns decreased by 25% in Q1 of 2022 with the top industries impacted being manufacturing, business services, finance, retail and wholesale.

Affected industries

The majority of sectors saw a decrease in the number of targeted ransomware attacks with the exception of the financial services sector, which increased by 35%.

This trend in the financial sector has been on an upward trend over the past year with researchers observing a 75% high in the first quarter of 2021. The main drivers behind this is a focus by the crime group known as LockBit who primarily prey on small accounting and insurance businesses.

Who are malicious actors targeting?

The main target for malicious actors in Q1 were companies which are deemed to be large enough to pay ransom, but not large enough to have strong cybersecurity controls in place.

  • The median annual revenue of companies targeted by ransomware attacks was €29.5 million ($31 million)
  • Almost 11% of companies that were targeted had revenues exceeding €950 million ($1 billion)

Business email compromise

Business email compromise (BEC) is a form of phishing attack in which a malicious attacker poses as someone the email recipient should trust, such as a colleague, boss or a vendor and attempts to trick the recipient into transferring funds, or revealing sensitive information.

Unlike standard phishing emails which are sent out to millions of people, BEC attacks are crafted for specific individuals and can be difficult to detect.

BEC phishing campaigns

A comparison between Q1 2021 and the same quarter of 2022 showed a notable increase in advanced fee fraud, cryptocurrency and Zelle cashout attempts through BEC phishing campaigns. In addition, a decrease was found in wire transfer requests.

The most popular cash-out methods used after a successful phishing attack includes:

  • Gift card requests which totalled 63%
  • Payroll diversion totalling 16%
  • Wire transfer at 9%

The remaining 12% account for a variety of different payout methods.

How the experts can help

One of the best ways to reduce the likelihood of a successful attack is through experience.

At Secora Consulting, we offer tailored Phishing Simulations to determine how effectively your business can identify incoming phishing attacks.

The simulation not only measures failures within staff awareness, but also provides you with an insight into what an attacker might be able to achieve once inside your organisation.

Get in touch if you have any questions or would like to learn more about our tailored Phishing Simulations.

watermark secora outline

Our services

All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.

Are your staff security aware?.

Make sure your staff know how to spot a phishing email before it is too late. Find out how our phishing assessments could help secure your organisation.