Phishing is the most common form of cybercrime and is widespread across industries. Phishing attacks are deceptive communications masked as trusted voices aimed at luring people into revealing sensitive information.
They are getting more sophisticated and target-oriented as the technology evolves. Are you aware that 91% of all cyber-attacks begin with a phishing email? Shocking, isn’t it?
These statistics showcase that regardless of our tech-savviness, anyone can fall victim to a well-executed phishing attack.
As we navigate the ever-evolving world of online threats, it is crucial to understand the tactics used by phishers and learn to identify their red flags.
This post explores key phishing data, covering global attack trends, countermeasures and awareness strategies that various global brands have adopted, types of attacks and their prevalence, and victim demographics and impact, to help equip us with knowledge and safeguard our precious online identities.
“Cybersecurity is not just a technical challenge; it’s a human challenge,” said James Clapper, former US Director of National Intelligence.
Let’s look at global statistics concerning how effective these scams are despite efforts made to prevent them.
Phishing: A Looming Threat in Numbers
- Spam Flood: A staggering 3.4 billion spam emails flood our inboxes every day.
- Malicious: 1.2% of emails are malicious traps masked as innocent messages.
- Google: Every day, Google deflects around 100 million phishing emails, shielding us from these digital dangers.
- Human Factor: Verizon’s 2022 DBIR reveals a sobering truth – 82% of data breaches involve human manipulation through phishing or stolen credentials.
- BEC: Business email compromise (BEC) attacks surged in 2022, with detections rising 35% to 383,928, highlighting the vulnerability of professional communication.
- Breach Bill: Data breaches hit hard in 2022, averaging a hefty $4.35 million per incident.
- Lost Millions per Minute: Astra Security reveals a staggering figure – businesses bled nearly $1.7 billion per minute in 2021 due to phishing scams.
- Expensive Toll: Spam emails aren’t just annoying; they’re costly. Businesses lose a staggering $20.5 billion annually to these unwanted messages.
- Customer Churn Costs: Revenue isn’t immune to phishing either. 46% of organizations saw customer churn triggered by these attacks, demonstrating the broader consequences.
The financial consequences of phishing are alarming, as these statistics show. There are ways to guard against this type of attack, though, including employee training, good email security, and vigilant online behavior. Keep safe by staying on your toes in the modern world of information and communication technology.
Frequency of Phishing attacks
150 billion spam emails are sent daily, many containing phishing links
With over 150 billion spam emails being sent daily, it’s no wonder that they make up a significant 45% of all global email traffic. Leading countries include the USA, China, Russia (responsible for nearly 30%), and Brazil.
Phishing attacks were the most common cybercrime reported to the FBI in 2022
Cybercrime raked in over $10 billion in 2022, with more than 800,000 victims reporting to the FBI’s Internet Crime Complaint Center (IC3). The most prevalent crime was phishing scams, accounting for over 300,000 complaints.
Surprisingly, investment schemes resulted in the highest financial loss to victims – a first for IC3 data. Citizens aged between 30 and 39 were the biggest reporting group, while those aged above 60 suffered from the greatest monetary damages.
83% of organizations worldwide experienced at least one phishing attack in 2023
Verizon published the 2023 Data Breach Investigations Report (DBIR) with interesting stats about the state of cyber threats. According to an in-depth analysis of several organizations, around 83%, a large majority, had suffered at least one phishing attack in the past year.
The report also detailed social engineering attacks, which account for 82% of breaches and are often sneakily represented through fraudulent emails or pretexting scams.
Spam & phishing soared in 2022: Nearly half of emails were spam, many with phishing scams
According to Statista, almost half of all emails worldwide were categorized as spam in 2022, a slight increase from 2021, raising concerns about online security and communication effectiveness. The decline in spam since 2011 showcases improved filtering systems and user awareness, but vigilance remains crucial.
54% of successful phishing attacks end in customers’ data breach
In 2021, 54% of phishing attacks resulted in a customer or client data breach, and 48% led to credential and account compromise. Shockingly, 83% of organizations were victims of successful attacks based on data collected by the Atlas VPN team.
Proofpoint 2023 Phishing Stats
In its ninth annual State of the Phish report, Proofpoint delved deep into the complex world of phishing techniques. Its findings reveal how attackers continue to gain an advantage and shed light on their most widely utilized tactics.
Some of the top staggering statistics include the following:
44% of individuals believe that branded emails are trustworthy, yet over 30 million malicious messages in 2022 were disguised with Microsoft branding or products.
Another method adopted by hackers is telephone-based attacks, with around 300-400 thousand attempts per day and a peak of 600K daily in August.
All these phishing attacks resulted in a 76% rise in direct financial losses. Interestingly enough, user reporting played a significant role in thwarting approximately one out of every ten threats, a total count exceeding 75 million.
Microsoft phish surge: Up 10% in Q4, now 41% of credential theft scams
Not surprisingly, with Microsoft products so pervasive in organizations around the globe, this suite provides a rich source of targets for cyber-criminals. As indicated by Fortra’s 2023 BEC Trends, Targets, and Changes in Techniques Report, Credential Theft for Business Email Compromise (BEC) had been trending up after a decline in H2/2022. In fact, in Q1, Credential Theft was at the top of all email impersonation threat types.
This increase was driven largely by a quarter-over-quarter spike in phishing emails impersonating Microsoft O365, making up nearly 41% of all Credential Theft Phishing.
Victims & Impact
Gen Z & Millennials are most hit by scam emails
In today’s digital age, there is a belief that older individuals, who may not be as familiar with technology, are more susceptible to online scams. Yet recent data analysis by the Atlas VPN team reveals this isn’t the case at all.
Surprisingly enough, Millennials and Gen Zers in the U.S. fall victim to phishing emails more often than their older counterparts. In fact, 23% of those from the Generation Z and Millennial generations have been deceived by these fraudulent emails in the past.
Multiple resources claim that 90% of all cyberattacks begin with phishing
Statistics show that 80 to 95% of cyberattacks are initiated through phishing emails.
- Cisco’s latest Cybersecurity Threat Trends report reveals that an overwhelming 90% of data breaches occur due to successful phishing attempts.
- Cloudflare’s Phishing Threats Report predicts that this trend will continue, as email-based phishing accounts for nearly 90% of all cyberattacks by 2023.
- In line with these findings, Comcast Business highlights that roughly 80% to 95% of cyber threats originate from successful attacks using email phishing.
Data breach BOOM: Average cost hits $4.45M (up 15% in 3 years)
IBM published a report on data breaches in 2023 based on answers provided by the majority of more than 550 organizations that experienced such incidents. The report found that the average cost of a global data breach was USD 4.45 million, which is an increase of 15% within three years.
The report also showed that businesses that use advanced technology like artificial intelligence and automation can save as much as USD 1.76 million compared to those that do not use it extensively.
Finance, energy, and manufacturing top the target list
Finance, energy, and manufacturing businesses are the most frequent victims of phishing attacks. Recent statistics reveal that the energy sector is targeted at 60%, followed by the finance and manufacturing industries at 46% and 40%, respectively.
1 minute, $1.7 billion gone: Phishing attacks hit hard in 2021
According to one report, globally, almost $1.7 billion was lost per minute in 2021 as a result of phishing attacks, causing a 65% increase in global losses between July 2019 and December 2021.
Types & Trends
Bulk phish reigns supreme: Hitting 85% of companies in 2022
According to Statista, in the current digital landscape, cybercrime poses a significant risk as it takes on various forms and platforms. The most common form is bulk phishing, with 85% of global companies falling victim in 2022.
Smishing threat alert: 75% of organizations fell victim in 2022
In 2022, there was a notable increase in mobile phishing, also known as smishing. According to Proofpoint data, 75% of organizations encountered this non-email-based threat, making it the 5th top attack. This form of attack includes SMS phishing, vishing (voice phishing), and quishing (QR code phishing).
More than half of phishing attacks used spear phishing attachments
The X-Force Threat Intelligence Index 2023, the IBM Security report, gives security teams and business leaders intelligence to better understand threats. One of the outstanding findings of the report was that more than half of all effective phishing attacks used spear phishing attachments, making it one of the most critical concerns for organizations seeking proactive protection measures.
Smishing hotspots: Peru & Bahamas phished hardest in 2022
Phishing tactics continue to advance in much the same way technology does. One of these methods is called smishing, where phishing attacks are delivered through mobile phones.
A Statista report shows that in 2022, a whopping 75% of organizations across the globe had fallen prey to this type of attack. Indeed, countries such as Peru and the Bahamas have the highest number of reported cases relating to stolen credentials through smishing schemes.
Delivery phishes soared in 2022: 27% of attacks
Finances took center stage in phishing in Q4 2022, with software and emails close behind. A research report states that delivery services weren’t spared either, catching over 27% of attacks. Business & media took the financial hit while engineers flunked most often at phishing tests, raising a digital training red flag.
Phishing breaches hide for nearly a year (295 days): the third longest cyber threat
As per the IBM data breach report, leaky passwords reign supreme in data breaches, taking 327 days to find and costing millions. Business email scams linger for 308 days, also at a hefty $4.89 million per hit. While phishing is detected at 295 days, its initial bite is the worst, averaging $4.91 million.
Countermeasures & Awareness
In the above section, we have details about phishing attacks and associated costs, trends, industries affected, etc. In this sub-section, we will see how top organizations are taking measures to prevent phishing attacks.
Google blocks around 100 million phishing emails daily
Google’s spam-fighting arsenal just got sharper! Powered by TensorFlow, its new defenses block 100 million more spam messages daily. This AI helps catch tricky spam like hidden content, image-based messages, and even messages from newly created domains.
33.2% of employees globally fall for phishing before training
The figures in the KnowBe4 2023 Phishing by Industry Benchmarking Report highlight the results of security awareness training for employees. The report says that before training, about 33.2% of staff members were not able to pass a phishing test. This was reduced to 18.5% after 90 days of training and then again to 5.4% after a year of training.
The engineering, aerospace, and mining sectors have the highest failure rates in phishing simulations
A recent global survey of the susceptibility of different industries to phishing attacks revealed some surprising trends. A Statista report shows that electronics manufacturers topped the list of vulnerable sectors, with a concerning 14% of employees falling for simulated phishing attempts. This was followed by aerospace and mining companies with a 13% failure rate. Conversely, legal firms showed significant improvement from last year’s 11% to become the industry with the lowest failure rate in 2022.
Impersonation champions: Amazon, Google, Facebook, WhatsApp
AstraSecurityAudit: Top brands most spoofed for phishing: Amazon, Google (13%), Facebook, WhatsApp (9%), Netflix, Apple (2%)
Phishing consumes half of IT pros’ cybersecurity time
IronScales says that cyber professionals dedicate 52% of their time to managing cybersecurity issues, and phishing is named as the most resource-consuming attack type by 37%.
40% fall for fake urgency in HR emails, skipping crucial verification
Email security is a top priority for all types of businesses, as hackers take advantage of our routine behavior and urgency. The latest analysis from KnowBe4 shows that 40% of such deceptive messages imitate HR senders, aiming to play on employees’ concerns about job stability or lack of time.
Thus, these disguised phishing emails may contain malicious attachments and requests that appear to come from an HR department.
US phishing attack costs skyrocketed from $3.8M in 2015 to $14.8M in 2022
HIPAA Journal: Healthcare now faces a $14.8 million hit per attack, four times 2015’s costs. Not only do fake emails sting for $6 million in recovery, but lost work hours eat up another 65,343, putting a double whammy on operations and budgets.
Final Words
As technology and tactics change rapidly, it is important to remain vigilant against the shifting landscape of phishing attacks. Assuming ignorance or incompetence can easily lead to disastrous results in terms of financial and operational impact.
We should treat this looming threat with seriousness; although alarming figures may be quite dispiriting, there are some encouraging developments in technology as well as security that can give hope for fewer incidents of successful phishing attacks.
Through the cooperation of people and organizations, we can create a more secure digital environment in which transactions and communication can confidently take place.