APWG Q1 2026 Report: Phishing and Scams Rising on All Social Media

Cybercrime Gangs Focusing Increasingly on Telecom Sector’s Brands and Infrastructure

CAMBRIDGE, MA / ACCESS Newswire / May 27, 2026 / APWG’s Q1 2026 Phishing Activity Trends Report finds that Phishing attacks rose substantially in the quarter, with the volume of scams and frauds continuing to increase across all social media platforms, while cybergangs increasingly targeted the Telecom sector’s brands and infrastructure.

According to data reported to the APWG, phishing attacks rose 13.8 percent in early 2026, from 853,244 phishing attacks in Q4 2025 to 971,181 in Q1 2026.

During Q1 2026, APWG contributing member ZeroFox discovered that threat volume increased on every social media platform. ZeroFox found that threats on social media in 2025 were predominantly of two types: Scams (content uses deceptive tactics to defraud users of money or personal information) were 27.1 percent of all threats); and Impersonation (content that falsely claims to be from a real person, a brand, or an organization) were 43.8 percent of all threats.

APWG founding member Crane Authentication reported that the Telecom category was the most-frequently attacked in the first quarter, rising from 5.9 percent of all attacks in Q3 2025 to 33 percent in Q1 2026. “We continue to observe the trend where many never-before-phished organizations are now being targeted, particularly within the telecom sector, where URL phishing frequency has increased 75 percent since Q4 2025,” said Matthew Harris, Senior Product Manager, Fraud at Crane Authentication.

Harris said his sense was that cybergangs’ attraction to this sector may well be that Telecoms carriers bundle consumer ISP services with email hosting (often marked with a trusted brand) and telephony services, giving succcessful attackers in account takeover scenarios “multiple pivots” – including using compromised accounts to drive other profitable cybercrime campaigns (e.g. e-mail based phishing, vishing, etc.) or even just ordering and re-selling expensive cell phones.

In addition, telephone-based fraud (“vishing” or voice call phishing, plus “smishing” or phishing via SMS and text messages) continued to rise, increasing 15 percent from Q4 2025 to Q1 2026, Crane Authentication found.

“Business e-mail compromise” or BEC attacks were less frequent in early 2026. APWG contributing member Fortra found that the total number of wire transfer BEC attacks observed by Fortra in Q1 2026 decreased by 25 percent compared to the previous quarter. Fortra also observed that the average amount demanded in wire transfer BEC attacks in Q1 2026 was $42,663, a 15 percent decrease from the prior quarter’s average of $50,297.

The full text of the report is available here: https://docs.apwg.org/reports/apwg_trends_report_q1_2026.pdf.

About the APWG

Founded in 2003, the Anti-Phishing Working Group (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide.

APWG’s apwg.org and stopthinkconnect.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is the founding manager of the global STOP. THINK. CONNECT. campaign, most recently deployed as the national cybersecurity awareness campaign of Argentina, and founder/curator of the Symposium on Electronic Crime Research, the world’s only peer-reviewed, published conference dedicated specifically to electronic crime studies. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations.

Among APWG’s sponsors are: Acronis, Adaptive Security, Adobe, Allure Security, Amazon, appgate, Aquilai Solutions, BanCert, beehiiv, BforeAI, Bitsight Technologies, Bolster, BrandShield, CLARO, Criminal IP, CSC, Canva, the Central Bank of Jordan, Central Bank of the Republic of Uzbekistan, CHT Security, Cisco, CleanDNS, Cloudflare, CloudSEC, CMC Telecom, Crane Authentication, CSIS, CTM360, Cyberia, Cybele, DigiCert, DNS Belgium, DNSFilter, Docusign, Doppel, eBay, EBrand, Ersre S Group, ESET, FirstRand, Fortinet, Forta, Fyeo, GMO Brand Security, GMS Securidad, the Government of Canada, GoDaddy Registry, Gogolook, Group-IB, Halon, Hispasec, Hitachi, Hornet Security, ICANN, Illumintel, Infoblox, Intuit, IQ Global, Kaspersky Labs, Knowbe4, Material Security, Meta, Microsoft, Naver, Netcraft, NetSTAR, Nominet, NIC.BR, Nurilab, OpenText, Outtake, Palo Alto Networks, Paperless Post, PayPal, Proofpoint, PIR, Rakuten, Recorded Future, Reversing Labs, S2W, SafeLabs, Secutec, Seven & I Holdings, SIDN, SOCRadar, Sophos, Spamhaus, Symantec, Team Cymru, Telefonica, Temu, Thomsen Trampedach, ThreatSTOP, Tracer, Trend Micro, Trustwave, Varonis, VMRay, Verisign, Vevor, Yaris, .XYZ, Zimperium, Zix, and Zoho.

Contacts

For media inquiries related to the APWG, please contact APWG Secretary General Peter Cassidy (pcassidy@apwg.org, +1.617.669.1123). Or for company-specific content related to this release, please contact: Stefanie Wood of Crane Authentication (stefanie.wood@craneauthentication.com); Jessica Ryan of Fortra (Agari and PhishLabs) (jessica.ryan@fortra.com); and Carlos Alvarez of ZeroFox (caalvarez@zerofox.com).

SOURCE: Anti-Phishing Working Group

View the original press release on ACCESS Newswire