APWG Q2 Report: Phishing and Scam Attack Numbers Rise While Inflicted Damages from BEC Attacks Explode
Extra Than 1600 Manufacturers Focused, Simply By QR Code Assaults in Q2
CAMBRIDGE, MASSACHUSETTS / ACCESS Newswire / September 4, 2025 / CAMBRIDGE, Mass.-The APWG’s Q2 2025 Phishing Exercise Traits Report reveals rising numbers of cybercrime assaults, with some varieties of phishing inflicting quickly rising prices to the customers and companies they victimized throughout Q2 of this 12 months.
QR CODE ATTACKS IN Q2 2025
APWG will meet to contemplate these developments and the rise of AI as a cybercrime co-conspirator at its eCrime Symposium in November: https://apwg.org/events/ecrime2025
The variety of phishing assaults has risen steadily over the past 12 months. Within the second quarter of 2025, APWG noticed 1,130,393 phishing assaults, up 13 p.c from 1,003,924 assaults in Q1 2025. That is the biggest quarterly whole since 1.28 million of those campaigns have been noticed in Q2 2023.
Assaults additionally value firms more cash within the final quarter.
“Enterprise e-mail compromise” or BEC assaults try and trick workers, typically key operations personnel and executives, into sending their firm’s cash or passwords to a legal. When criminals requested that firms ship cash to them through wire switch, the typical quantity requested in Q2 2025 was $83,099, a 97 p.c improve from Q1 2025. The full variety of wire switch BEC assaults noticed additionally elevated, by 27 p.c in comparison with Q1 2025.
Phishers are additionally utilizing the providers of respectable firms to hold out phishing.
Matthew Harris, Senior Product Supervisor, Fraud at Crane Authentication/OpSec Safety, reported: “We’re seeing an increase within the quantity of phishing positioned on free internet hosting platforms, and on domains the place the community and internet hosting infrastructure is behind third-party safety providers.”
APWG member Fortra documented that Inexperienced Dot was as soon as once more the popular financial institution of payroll diversion scammers, with one in 4 payroll diversion makes an attempt directed in the direction of accounts at certainly one of Inexperienced Dot’s manufacturers. Area registrar NameCheap was used most frequently by BEC scammers, in virtually 1 / 4 of all BEC assaults. Google’s Gmail was used for 70 p.c free webmail accounts that scammers arrange for BEC scams, Fortra discovered.
Whereas phishers direct massive numbers of assaults towards sure manufacturers (such because the U.S. Postal Service), an amazing many firms’ manufacturers are additionally being attacked. APWG contributor Mimecast discovered that 1,642 manufacturers have been focused by criminals utilizing malicious QR codes, which direct the victims to phishing websites and malware.
Report: https://docs.apwg.org/reports/apwg_trends_report_q2_2025.pdf
About APWG
The Anti-Phishing Working Group (APWG) is the worldwide business, regulation enforcement, and authorities coalition centered on unifying the worldwide response to digital crime. Membership is open to certified monetary establishments, on-line retailers, ISPs and Telcos, the regulation enforcement neighborhood, options suppliers, multilateral treaty organizations, analysis facilities, commerce associations and authorities companies. SEE: APWG’s apwg.org and stopthinkconnect.org web sites.
Contact APWG at [email protected], +1.617.669.1123). For company-specific content material on this launch, contact: Stefanie Wooden of Crane Authentication/OpSec Safety ([email protected]); Jessica Ryan of Fortra (Agari and PhishLabs) ([email protected]); Tim Hamilton of Mimecast ([email protected]).
Contact Info
Peter Cassidy
Secretary Basic
[email protected]
617-669-1123
SOURCE: ANTI-PHISHING WORKING GROUP
