Phishing Trends Over Time: An Empirical Analysis of Anti-Phishing Database Data

Krystian MAGDZIARZ and Stanisław SKRZYPECKI

Military University of Technology, Warsaw, Poland

https://doi.org/10.5171/2025.4642225

Abstract

Despite widespread claims of exponential phishing growth, empirical evidence remains fragmented and methodologically inconsistent. This study challenges conventional assumptions through systematic analysis of over 18.2 million phishing incidents across three major databases (PhishTank, APWG, CERT Polska) spanning 2009–2025. Employing Mann-Kendall trend analysis and seasonal decomposition, we identify a consistent temporal pattern across all data sources: a significant increase in phishing incidents peaking around 2015-2016, followed by a sustained decline. However, the statistical significance of these trends varies considerably: PhishTank data demonstrates a strong upward trend during its observation period (τ = 0.656, p < 0.001), APWG shows a significant downward trajectory post-2015 (τ = −0.486, p < 0.001), while CERT Polska exhibits high volatility without statistically significant long-term trends (τ = 0.295, p = 0.138). High cross-database correlation confirms consistency in trend patterns across independent sources. These findings fundamentally question the narrative of continuously escalating phishing volumes and suggest a strategic shift from mass, indiscriminate campaigns toward more sophisticated, targeted attacks that evade traditional detection mechanisms. The documented decline in reported incidents does not indicate reduced threat severity but rather reflects attacker adaptation and evolution in social engineering techniques.

Keywords: Phishing, cybersecurity, trend analysis, anti-phishing databases
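
As an added illustration (not code or data from the paper), the sketch below implements the Mann-Kendall test named in the abstract and applies it to constructed yearly counts that rise to 2016 and then fall, showing how the choice of observation window changes τ and p. The counts and the names `mann_kendall` and `trend_by_window` are assumptions made for this example; p is computed with the usual normal approximation.

```python
import math
from collections import Counter

def mann_kendall(series):
    """Two-sided Mann-Kendall trend test; returns (S, tau, p)."""
    n = len(series)
    if n < 3:
        raise ValueError("need at least 3 observations")
    # S = concordant minus discordant pairs, taken in time order
    s = sum((b > a) - (b < a)
            for i, a in enumerate(series) for b in series[i + 1:])
    ties = [t for t in Counter(series).values() if t > 1]
    # Variance of S under the no-trend null, corrected for tied values
    var_s = (n * (n - 1) * (2 * n + 5)
             - sum(t * (t - 1) * (2 * t + 5) for t in ties)) / 18
    pairs = n * (n - 1) / 2
    tied_pairs = sum(t * (t - 1) / 2 for t in ties)
    if var_s == 0 or pairs == tied_pairs:  # constant series: nothing to test
        return s, 0.0, 1.0
    # Kendall tau-b; equals S / pairs when no two values are tied
    tau = s / math.sqrt(pairs * (pairs - tied_pairs))
    # Continuity correction: shrink |S| by 1 before standardising
    z = (s - (s > 0) + (s < 0)) / math.sqrt(var_s)
    p = math.erfc(abs(z) / math.sqrt(2))
    return s, tau, p

# Constructed yearly incident counts (thousands), NOT data from the paper
YEARS = list(range(2009, 2026))
COUNTS = [120, 150, 210, 260, 340, 420, 510, 560, 530,
          470, 430, 380, 350, 300, 280, 240, 220]

def trend_by_window(windows):
    """Run the test on each inclusive (first_year, last_year) window."""
    out = {}
    for first, last in windows:
        vals = [c for y, c in zip(YEARS, COUNTS) if first <= y <= last]
        out[(first, last)] = mann_kendall(vals)
    return out

if __name__ == "__main__":
    windows = [(2009, 2025), (2009, 2016), (2016, 2025)]
    for (a, b), (s, tau, p) in trend_by_window(windows).items():
        print(f"{a}-{b}: S={s:+d} tau={tau:+.3f} p={p:.4f}")
```

On this constructed series the full 2009–2025 window shows no significant monotonic trend, while the pre-peak and post-peak windows are each strongly significant in opposite directions.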