Phishing, Scams and BEC Attacks All Rose Markedly in 2025

CAMBRIDGE, MA / ACCESS Newswire / February 23, 2026 / The APWG's new Phishing Activity Trends Report rounds up phishing and fraud activity that took place in 2025. Phishing attacks occurred at a high and steady pace in 2025 - but the volume of other types of scams and frauds exploded across social media platforms, and the number of Business email compromise (BEC) attacks increased significantly in scale.

During 2025, APWG observed 3.8 million phishing attacks, up slightly from 3.76 million in 2024. In the fourth quarter of 2025, APWG observed 853,244 phishing attacks, decreasing 4 percent from 892,494 attacks in Q3 2025, and down from the 1,130,393 attacks recorded in Q2 2025, which was largest quarterly total seen since Q2 2023.

However, during 2025 the volume of scams and fraud increased on every social media platform, according to APWG contributing member ZeroFox. Volume also increased across threat types every quarter last year. The volume of scams, phishing, impersonation attacks, and other threats grew from 51 percent up to 843 percent from quarter to quarter.

Carlos Alvarez, Disruption Partnerships Lead at ZeroFox said, "This widespread, significant growth on all major social media platforms simultaneously demonstrates that threat actors are successfully scaling their operations across the entire social media ecosystem."

Finance, retail, and federal government programs' brands and trademarks were especially spoofed on social media. APWG founding member Crane Authentication found that the social media and SAAS/webmail categories were the sectors most attacked by phishing.

"Business e-mail compromise" or BEC attacks also became more frequent. The total number of wire transfer BEC attacks observed by APWG contributing member Fortra in Q4 2025 increased by 136 percent compared to the previous quarter. Forta attributes the increase to Scripted Sparrow, a threat group it first observed in June 2024. The group is currently the world's most prolific BEC gang, and Fortra estimates that the group sends as many as 6 million highly targeted emails monthly.

Phishing that used QR codes to advertise phishing sites dropped from Q3 to Q4 2025, according to APWG contributor Mimecast, However, Mimecast saw that phishers switched to using new infrastructures, and shifted to new targets, hoping to catch companies unaware.

The full text of the report is available here:

https://docs.apwg.org/reports/apwg_trends_report_q4_2025.pdf

About the APWG

Founded in 2003, the Anti-Phishing Working Group (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide.

APWG's apwg.org and stopthinkconnect.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and manager of the global STOP. THINK. CONNECT. campaign, most recently deployed as the national cybersecurity awareness campaign of Argentina, and founder/curator of the Symposium on Electronic Crime Research, the world's only peer-reviewed, published conference dedicated specifically to electronic crime studies (https://ecrimeresearch.org/ecrime-symposium/). APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations.

Contacts

For media inquiries related to the APWG, please contact APWG Secretary General Peter Cassidy (pcassidy@apwg.org, +1.617.669.1123). Or for company-specific content related to this release, please contact: Stefanie Wood of Crane Authentication (stefanie.wood@craneauthentication.com); Jessica Ryan of Fortra (Agari and PhishLabs) (jessica.ryan@fortra.com); Tim Hamilton of Mimecast (thamilton@mimecast.com); and Carlos Alvarez of ZeroFox (caalvarez@zerofox.com).

SOURCE: ANTI-PHISHING WORKING GROUP