---
title: "Phishing Trends in 2022 So Far, And What You Can Learn From Them | Phish Protection"
description: "Phishing Trends in 2022 So Far, And What You Can Learn From Them: Phishing is one of the most formidable threats in the cyber world today. Even though."
image: "https://phishprotection.com/og/blog/phishing-trends-2022.png"
canonical: "https://phishprotection.com/blog/phishing-trends-2022/"
---

Quick Answer

\*\*Phishing is one of the most formidable threats in the cyber world today.\*\* Even though various news, reports, and anti-phishing campaigns attempt to spread awareness and knowledge, people still fall victim to novel phishing methods. This article seeks to summarize key statistics observed so far in 2022 by various cybersecurity organizations and present them in a useful and comprehensive manner. It is also a warning for all organizations and individuals for the rest of the year.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-trends-2022%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20Trends%20in%202022%20So%20Far%2C%20And%20What%20You%20Can%20Learn%20From%20Them&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-trends-2022%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-trends-2022%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-trends-2022%2F&title=Phishing%20Trends%20in%202022%20So%20Far%2C%20And%20What%20You%20Can%20Learn%20From%20Them "Share on Reddit") [ ](mailto:?subject=Phishing%20Trends%20in%202022%20So%20Far%2C%20And%20What%20You%20Can%20Learn%20From%20Them&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-trends-2022%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/05/office-365-phishing-protection-9548.jpg) 

**Phishing is one of the most formidable threats in the cyber world today.** Even though various news, reports, and anti-phishing campaigns attempt to spread awareness and knowledge, people still fall victim to novel phishing methods. This article seeks to summarize key statistics observed so far in 2022 by various cybersecurity organizations and present them in a useful and comprehensive manner. It is also a warning for all organizations and individuals for the rest of the year.

### Alarming Cybercrime And Phishing Statistics

Before an in-depth analysis of the top trends of 2022, here is a quick look at the current phishing and cybercrime landscape in numbers.

- Phishing remained the **top root cause** of data breaches in the first quarter of 2022, [according to an ITRC report](https://www.idtheftcenter.org/publication/q1-2022-data-breach-analysis/).
- HTML attachments were the [most common files deployed](https://www.bleepingcomputer.com/news/security/html-attachments-remain-popular-among-phishing-actors-in-2022/) by phishing attackers in Q1 2022.
- Brand impersonation continued to lure victims through phishing pages, and Microsoft and [LinkedIn](https://www.globenewswire.com/en/news-release/2022/04/19/2424170/0/en/Social-Media-Network-LinkedIn-Ranks-First-in-List-of-Brands-Most-Likely-to-be-Imitated-in-Phishing-Attempts-in-Q1-2022.html) were the topmost impersonated brands.
- EMOTET, a go-to cybercrime service for malicious actors, made a return after [shutting down in 2021](https://www.europol.europa.eu/media-press/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action).
- The Ukraine war gave threat actors more ground to conduct their nefarious activities as it helped them raise their attack potential with Ukraine-themed phishing emails.
- [Crypto and NFTs](https://get.cofense.com/2022-Q1-Phishing-Intelligence-Trends-Review-Global-Q122) became a **favorite target** for the adversaries, aligned with the growing public interest.
![Office 365 phishing protection](https://media.mailhop.org/phishprotection/images/2022/05/office-365-phishing-protection-9548.jpg) 

### Top Phishing Trends In 2022 So Far: Russia-Ukraine War And The Changing Phishing Landscape

For financial gains, adversaries took advantage of the rising global interest in the Russia-Ukraine conflict. Within two weeks of the war, 3,900 out of 5,000 newly added domains included text strings like “Russia,” “Ukraine,” “support,” “donate,” or their combinations. Several of these domains were [flagged as malicious](https://cybersecurityventures.com/russia-ukraine-conflict-from-digital-spillovers-to-phishing-sites/), while they called upon readers to **donate large amounts** to aid Ukrainians.

Malicious actors used these domains to carry out financial scams. Malicious actors also targeted those who supported Ukraine and launched opportunistic phishing campaigns. Victims received emails with Russia-Ukraine conflict-themed subject lines with links leading to pages with donation requests and easy payment methods. Other domains had additional text strings such as “news” and “live” and were used in campaigns targeting those actively interested in the war.

### The Return of EMOTET

When EMOTET was [disrupted](https://www.europol.europa.eu/media-press/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action) through coordinated international efforts of multiple law agencies in January 2021, nobody imagined that this cybercrime-as-a-service organization would revive. However, EMOTET reemerged soon with multiple adversarial attacks and started delivering advanced [phishing emails](/blog/sophisticated-new-tactic-makes-phishing-emails-harder-to-detect/). In some emails, URLs linked to malicious documents were embedded in the body rather than appear as attachments. Threat actors delivered an [MS Excel file](https://www.vadesecure.com/en/blog/q1-2022-phishing-and-malware-report) with **malicious macros** in another phishing campaign. This file had multiple sheets, including hidden ones and obfuscated strings to avoid detection.

Later, in [early 2022](https://usa.kaspersky.com/about/press-releases/2022%5Fkaspersky-finds-emotets-activity-grows-three-fold-in-just-one-month), EMOTET delivered [phishing emails with financial themes](https://get.cofense.com/2022-Q1-Phishing-Intelligence-Trends-Review-Global-Q122) during the US tax season. Individuals who needed to file tax returns were targeted with Excel files loaded with macros. The IRS logo made all elements look authentic, and EMOTET.dll files would download once the user accepted the request to enable macros.

### HTML Attachments in Phishing Emails

[Kaspersky](https://securelist.com/html-attachments-in-phishing-e-mails/106481/) and [Cofense](https://get.cofense.com/2022-Q1-Phishing-Intelligence-Trends-Review-Global-Q122) found that in Q1 2022, HTML files were the most common type of attachments used for phishing purposes. It is a standard method used by adversaries and more effective than deploying phishing content in the email body. Some attachments have a hidden link that redirects the users to phishing pages, and some have **phishing forms and scripts** embedded in them. HTML files allow implementing personalized phishing content using JavaScript. Usually, when a file sends data to a malicious URL or includes a malicious script, security tools can block it in real-time. However, in this case, threat actors use Java obfuscation to disguise HTML attachments to avoid it.

### How The Conti Ransomware Leaks Enhance The Understanding Of The Phishing Threat Landscape

[Conti](https://get.cofense.com/2022-Q1-Phishing-Intelligence-Trends-Review-Global-Q122), a [prolific ransomware-as-a-service](https://go.chainalysis.com/rs/503-FAP-074/images/Crypto-Crime-Report-2022.pdf) group’s source code, documentation, and communication [got leaked](https://www.techtarget.com/searchsecurity/news/252514047/Conti-ransomware-source-code-documentation-leaked) recently in retaliation by an anonymous person. [These leaks](https://www.cnbc.com/2022/04/14/conti-ransomware-leak-shows-group-operates-like-normal-tech-company.html) have become immensely valuable to cybersecurity experts and threat actors alike. They exposed the strategies, resources, and communications of a high-profile cybercrime group to be analyzed by cybersecurity experts. They also lay bare how easy it is to conduct phishing attacks for threat actors. New threat actors may find impetus by them to _improve their existing infrastructure_ to carry out [sophisticated attacks](/resources/history-of-phishing/).

### Brand Impersonation

So far, in 2022, [brand impersonation](/blog/the-surprising-facts-brand-impersonation-attacks/) has remained another **top threat** to individuals and businesses worldwide. In Q1, [Linkedin](https://www.globenewswire.com/en/news-release/2022/04/19/2424170/0/en/Social-Media-Network-LinkedIn-Ranks-First-in-List-of-Brands-Most-Likely-to-be-Imitated-in-Phishing-Attempts-in-Q1-2022.html) and [Microsoft](https://www.vadesecure.com/en/blog/q1-2022-phishing-and-malware-report) were among the top brands impersonated during phishing campaigns. Malicious actors leverage social and professional networking platforms such as LinkedIn and [WhatsApp](/blog/voice-phishing-surfacing-cyber-threat-whatsapp/) and tech giants like Google and Microsoft to lure victims into revealing their credentials.

Users receive seemingly authentic emails that deceive them and subsequently make them click on malicious links. These links open to fake URLs where users are required to enter credentials that they expose to the malicious actors behind them. These orchestrated phishing campaigns occur on a large scale to get maximum victims to divulge their login credentials and confidential and sensitive information.

![Phishing statistics latest figures](https://media.mailhop.org/phishprotection/images/2022/05/phishing-statistics-latest-figures.jpg) 

### Cybersecurity Best Practices For Phishing Protection

[Phishing emails](/content/stop-phishing-emails/report-phishing-emails/) can be difficult to mitigate and prevent and can _lead to huge losses for organizations_ if overlooked. Hence, organizations and individuals must establish and follow certain security practices to fight against the threat, as listed below.

- To counter [social media phishing attacks](/blog/social-media-impersonation-phishing-2022s-latest-wave-cybercrime/), organizations must control the use of personal devices by staff for office work.
- Today’s advanced phishing emails are clever enough to evade detection by humans and systems with a lax cybersecurity approach. Therefore, one cannot overemphasize the importance of corporate and individual cybersecurity training and education to reduce vulnerabilities within the organization.
- One can [spot a phishing email](/content/phishing-prevention/how-can-you-identify-a-phishing-email/) by checking for unusual or inconsistent content. Before clicking on links or opening attachments from unknown senders, a user must take due diligence. One must act upon any email asking for confidential or financial information only after verifying its authenticity. Individuals must check the SSL certificates of the URLs they visit.
- Organizations must deploy a robust [email security](http://duocircle.com) infrastructure, including SPF, DKIM, and [DMARC records](https://dmarcreport.com/dmarc-record/), and targeted threat protection. They must ensure that their email configurations are effective and that all security gaps are bridged.
- Businesses must also adopt **anti-phishing solutions** to protect individuals and organizations from [spear phishing](/blog/spear-phishing-the-spooky-to-compromise-sensitive-information/).
- Phishing simulators to test the efficacy of the cybersecurity framework and **staff awareness** must also be introduced by organizations as part of [anti-phishing training](/products/phishing-awareness-training/).

### Final Words

In the age of technological breakthroughs and disruptive innovations, cyber threats, such as phishing, are also sophisticated, raising serious challenges for organizations. However, the right research, solutions, and awareness will allow security administrators and individuals to _make the right decisions to protect their information networks_. So far, the phishing trends of 2022 appear as if they will continue in the coming quarters. Therefore, organizations should proactively deploy adequate resources, safeguards, and [anti-phishing tools](/content/anti-phishing-service/anti-phishing-tools/) to keep their operations unaffected by such attacks. Furthermore, threats like phishing call for organizations to adopt a proactive approach towards threats rather than a reactive one to stay ahead of the curve.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Trends in 2022 So Far, And What You Can Learn From Them","description":"Phishing Trends in 2022 So Far, And What You Can Learn From Them: Phishing is one of the most formidable threats in the cyber world today. Even though.","url":"https://phishprotection.com/blog/phishing-trends-2022/","datePublished":"2022-05-24T15:58:33.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-05-24T15:58:33.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/phishing-trends-2022/"},"articleSection":"foundational","keywords":"Phishing","wordCount":1194,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/05/office-365-phishing-protection-9548.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Phishing Trends in 2022 So Far, And What You Can Learn From Them","item":"https://phishprotection.com/blog/phishing-trends-2022/"}]}
```