Phishing Trends: 2019-2022: The Evolving Threat Landscape


Bolster has scanned over 1 billion websites and counting to detect phishing and counterfeit pages. We have been reporting on phishing trends for four years and continue to observe an increase in the number of phishing and scam/counterfeit pages.

In 2019, Bolster detected 4.2 million phishing and scam/counterfeit pages. In 2020, that number increased by 66% to nearly 7 million pages with a daily average of 19,000 counterfeit pages detected.

In 2021, the alarming total number of phishing and counterfeit pages increased by a staggering 53% over 2020 levels, reaching a daunting count of more than 10.7 million. The average number of insidious phishing and counterfeit pages detected per day also escalated significantly, surpassing an alarming figure of over 29,000.

These worrisome statistics unequivocally indicate that the threat landscape is not only growing, but also becoming more frequent, demanding immediate action to safeguard digital ecosystems.

Here were some of the top phishing trends we observed in 2021:

  • Phishing and scam attacks doubled for retail and social networking, more than tripled for e-commerce, and more than quadrupled for the SaaS, communications, gaming, and streaming industries.
  • Microsoft continued to be a big target. Uptick in phishing observed for Adobe, Amazon, Facebook and Netflix.
  • Com, xyz, ru, info, and online remained the top five TLDs hosting fake sites
  • There was no change in the top email services in use from 2020 to 2021. Gmail took the lead both years, followed by Yahoo, and then Outlook.

The COVID-19 pandemic, which forced many people to work and study from home was a major driver of phishing scams. This shift to remote work led to a rapid acceleration of digital adoption and companies had to quickly digitalize their operations, this has provided a growing opportunity for fraudsters.

The rapid shift to digital platforms led to an increase in the number of phishing and cyberfraud attempts as the attackers followed their targets to these new digital platforms.

Additionally, the economic uncertainty caused by the pandemic may have led to an increase in phishing attempts as scammers sought to take advantage of people’s financial vulnerability. The rapid increase in the number of phishing and counterfeit pages detected from 2020-2022 is a clear indication that phishing is an ongoing threat that requires constant vigilance.

In our 2022 phishing and fraud trends report, we predicted that the shift towards a digital first society will continue to be the norm in the coming years, and with it, the threat of cyberfraud will continue to grow. We expected to see an increase in the number and sophistication of phishing and scam attacks, as well as a wider range of industries being targeted.

According to the Anti-Phishing Working Group (APWG), the third quarter of 2022 saw an unprecedented number of phishing attacks, with a total of 1,270,883 attacks reported. This marks a new record high and the worst quarter for phishing ever recorded by APWG. Bolster’s prediction that cyberfraud would continue to grow in a digital-first society appears to be in line with the data reported.

Read More: 14 Phishing Statistics for 2024

It’s also important to note that the financial sector was particularly targeted, with attacks against this industry accounting for 23.2% of all phishing attacks. This emphasizes the need for stronger security measures within this sector.

As for Bolster, we are currently working on our 2023 report, which will provide additional insights on how these trends have evolved in the past year. We encourage our readers to stay tuned for the release of this report as it will provide valuable information on the the state of phishing and online fraud.

In the meantime, download our free 2022 Phishing and Trends Report here.

Request a demo to learn more about how Bolster can help your organization stay protected against the evolving threat of phishing.