CHECKLINK AI
Back to Learn
Research Trends

Phishing Reports Explained: Sites, URLs, Campaigns, and Brands

A plain-English guide to the terms used in phishing activity reports and why counts can differ.

Updated 2026-07-06 - 6 min - Founders, analysts, security-aware readers, and content teams

Reports measure different units

A phishing report may count unique phishing sites, submitted URLs, campaigns, email subjects, targeted brands, or incidents reported by partners. Those are related, but they are not the same thing.

One campaign may use many URLs. One domain may host many pages. One brand may be targeted across many campaigns. Read the metric before comparing numbers.

Why the distinction matters

A business deciding whether to review customer links does not need to know only the total attack count. It needs to know which customer journeys are easiest to confuse: login, support, billing, QR, delivery, or account recovery.

Metrics can guide priorities, but workflows reduce day-to-day risk.

What APWG reports show

APWG's trend reports combine data reported to APWG and its partners, then summarize attack volume, sectors, BEC patterns, and emerging tactics such as QR phishing.

Use these reports as directional intelligence, not as a guarantee that your sector is or is not targeted.

How CheckLink helps

CheckLink translates trend signals into practical tools: scanners, preflight checklists, official link inventories, and manual review paths.

Checklist

Check what is being counted
Avoid comparing unlike metrics
Translate trends into workflows
Prioritize customer-facing links
Review high-impact links manually

FAQ

Are phishing URLs and phishing sites the same?

No. Multiple URLs can point to one site, and one campaign can create many URLs.

Should a small business read trend reports?

Yes, but the useful question is what actions the trend suggests for your workflows.

Related guides

Related glossary terms

Further reading

Use CheckLink before the next click

CheckLink provides risk signals and review paths. It does not guarantee that a website is risk-free.