Phishing Prevention:
A Symposium on Protecting Consumers and Businesses
20 March 2024
U.S. Chamber of Commerce
Resource Guide Supplement
Phishing has been the #1 cybercrime reported to the FBI for the past four years, and the number of attacks continues to grow. Interisle’s research shows that global phishing attacks rose by 65% in the past year alone, to 1.85 million incidents in the year ending April 2023.
The attacks deceive victims with websites and email addresses that appear to be from a trusted entity, such as a bank or retailer, but are in fact controlled by a criminal seeking to steal money or obtain sensitive credentials. Cybercriminals exploit cheap and rapid access to Internet resources in order to conduct the cyberattacks that devastate consumers, businesses, and institutions alike.
It is estimated that the average business recovery cost of a single phishing-related data breach is some $4.5 million, with nearly $3 billion lost in the U.S. in 2022 through business email compromise phishing attacks alone. In terms of individual victims, phishing defrauds senior citizens out of more personal wealth than any other age group.
This resource guide provides links to data and information on phishing attacks, their impacts, and how cybercriminals go about conducting their crimes. Clearly, much is known about the phishing phenomenon, but effective action and solutions are needed to stem the growing tide of attacks and devastating losses experienced by victims.
Reports, Studies, and Data
The Anti-Phishing Working Group (APWG) issues quarterly phishing reports that track attack numbers, industries affected, and more. https://apwg.org/trendsreports/
Interisle publishes annual reports detailing phishing growth trends, where criminals obtain resources, and trends in criminal behavior. The Phishing Landscape Report 2023 is located at https://interisle.net/PhishingLandscape2023.pdf. Quarterly reports and statistics on other cybercrimes can be found on Interisle’s Cybercrime Information Center project website at: https://www.cybercrimeinfocenter.org/
Interisle has also started a series of reports looking at the broader “supply chain” criminals use to obtain the resources they need to perpetrate cyberattacks, including phishing. Cybercrime Supply Chain 2023 Report: https://interisle.net/CybercrimeSupplyChain2023.html
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) issues annual reports on phishing and other cybercrime trends, including estimates of losses experienced by victims reporting crimes. Annual IC3 reports page: https://www.ic3.gov/Home/AnnualReports
The Federal Trade Commission (FTC) recently analyzed and quantified losses due to text-based scam messages aimed at consumers, which use the same tools of the trade used by phishers in email-based scams. https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2023/06/iykyk-top-text-scams-2022
IBM’s Cost of a Data Breach Report 2023 provides insights on the causes and costs of data breaches, including breaches originating from phishing attacks. https://www.ibm.com/reports/data-breach
PayPal’s Adam Oest, along with collaborators from Arizona State University, Google, and Samsung among others, published a detailed analysis of the lifecycle of a phishing attack titled “Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale.” https://www.usenix.org/system/files/sec20fall_oest_prepub.pdf
The annual CrowdStrike Global Threat Report provides insights and observations into cyberattack and cybercrime activity. The most recent report highlights identity-based and social engineering attacks (i.e., phishing) as a key theme and threat vector. https://go.crowdstrike.com/global-threat-report-2024
The World Economic Forum (WEF) has analyzed and estimated the global costs and economic losses due to lack of digital trust and cybercrimes, including phishing. The 2022 report can be found at: https://www.weforum.org/agenda/2022/08/digital-trust-how-to-unleash-the-trillion-dollar-opportunity-for-our-global-economy
“The Hidden Injustice of Cyberattacks” by Nicole Tisdale for WIRED outlines the disproportionate economic toll cyberattacks have on communities of color and other marginalized groups. https://www.wired.com/story/cybersecurity-marginalized-communities-problem/
The Better Business Bureau Institute for Marketplace Trust (BBB Institute) 2023 BBB Scam Tracker Risk Report analyzes a range of online and off-line scams and sheds light on how they are perpetrated, who is being targeted, and which scams have the greatest impact. https://bbbmarketplacetrust.org/wp-content/uploads/2024/03/2023-BBBScamTracker-RiskReport-US-FINAL.pdf
Although not a data analysis report, the President’s National Security Telecommunications Advisory Committee (NSTAC) 2023 report on Addressing the Abuse of Domestic Infrastructure by Foreign Malicious Actors provides background on foreign cyberattack scenarios, an overview of current mitigation efforts and key issues, and actionable recommendations. https://www.cisa.gov/sites/default/files/2024-01/NSTAC_Report_to_the_President_on_Addressing_the_Abuse_of_Domestic_Infrastructure_by_Foreign_Malicious_Actors_508c.pdf