Criminals Are Launching Costly Attacks Across an Array of Methods - and Media
CAMBRIDGE, MA / ACCESS Newswire / December 10, 2025 / The APWG's new Phishing Activity Trends Report reveals that while numbers of spam email-based phishing campaigns are falling, cybercriminals are increasingly employing a wider array of resources to drive phishing scams-including SMS messaging, QR codes, free email accounts, and more.
In the third quarter of 2025, APWG observed 892,494 phishing attacks, falling from 1,130,393 in Q2, the highest quarterly total in two years. Specialized attack instrumentation, however, has increasingly played central roles in phishing campaigns, as cybergangs and cybercrime-tech vendors' appreciation of their advantages in hooking victims.
"Kits and AI tech provide efficiencies for gangs to deploy most any kind of phishing campaign on -- or across -- any number of media. The evolutionary step we need to monitor now, however, is AI casting attack orchestrations across media-with automation-in ways usually associated with hand-tooled spearphishing campaigns," said APWG Secretary General Peter Cassidy. "The advent of mass customization as a common attack architecture will require counter-cybercrime stakeholders to rethink their responses."
BEC (business e-mail compromise) attacks became more frequent in Q3. These are attempts to trick employees into sending their company's money or passwords to a criminal, and often begin with a phishing message. The total number of wire transfer BEC attacks observed by APWG contributor Fortra in Q3 2025 increased by 57 percent compared to Q2.
When criminals requested that companies send money to them via wire transfer, the average amount requested in Q3 2025 was $48,115, a 42 percent decrease from the prior quarter's average of $83,099. Phishers often used free email accounts to initiate contact with their potential victims.
In Q3 2025, contributor Crane Authentication saw voice telephony phishing and SMS (text) phishing attempts (vishing and smishing) continue to rise. "Our SMS-based fraud detections have increased by nearly 35 percent in the last quarter" said Matthew Harris, Senior Product Manager, Fraud at Crane Authentication.
Phishers also increased their use of QR codes to advertise phishing sites. During Q3 2025, Mimecast detected 716,306 unique malicious QR codes, up 13 percent from 635,672 in Q2. Over the 12 months from Q2 2024 through Q3 2025, Mimecast detected more than 3 million unique malicious QR codes. QR codes were used to attack the manufacturing sector most often.
The full text of the report is available here:
https://docs.apwg.org/reports/apwg_trends_report_q3_2025.pdf
Contacts
For media inquiries related to the APWG, please contact APWG Secretary General Peter Cassidy (pcassidy@apwg.org, +1.617.669.1123). Or for company-specific content related to this release, please contact: Stefanie Wood of Crane Authentication (stefanie.wood@craneauthentication.com); Jessica Ryan of Fortra (Agari and PhishLabs) (jessica.ryan@fortra.com); Tim Hamilton of Mimecast (thamilton@mimecast.com).
SOURCE: ANTI-PHISHING WORKING GROUP
View the original press release on ACCESS Newswire