Abstract:

Despite widespread claims of exponential phishing growth, empirical evidence remains fragmented and methodologically inconsistent. This study challenges conventional assumptions through systematic analysis of 2.3 million phishing incidents across three major databases (PhishTank, APWG, CERT Polska) spanning 2009–2025. Employing Mann-Kendall trend analysis and seasonal decomposition methods, we reveal a counterintuitive finding: while PhishTank data shows significant upward trends (τ = 0.656, p < 0.001), APWG demonstrates a strong downward trajectory post-2015 (τ = −0.486, p < 0.001), and CERT Polska exhibits extreme volatility with no
statistically significant long-term trend (τ = 0.295, p = 0.138). Our cross-database correlation analysis (r = 0.965 between CERT and APWG) suggests methodological artifacts rather than divergent threat landscapes. These findings fundamentally question the narrative of continuously escalating phishing threats [4] and demonstrate critical gaps in current threat intelligence infrastructure. We propose a unified measurement framework and identify three key research priorities for the cybersecurity community.