Phishing Statistics

Phishing Statistics image

In a digitized world where so many transactions and interactions happen online, the threat from cyberattacks is more than real. Phishing is a common term associated with these illicit activities and is often connected with email or message fraud. For things to get worse, new forms of phishing schemes are constantly evolving to outsmart counter-measures organizations are taking globally. Check out these phishing statistics to learn more about the latest trends in this area and how to protect yourself from these attacks.

Phishing Statistics (Editor’s Choice)

  • In 2020, phishing emails comprised up to 54% of all digital vulnerabilities. (Statista)
  • 84% of organizations witnessed phishing or ransomware attacks in 2020. (IT PRO)
  • The global cybersecurity market is projected to reach $345.4 billion by 2026. (Globe Newswire)
  • Over 71% of targeted attacks represent spear phishing. (ClearedIn)
  • 60% of companies lost data due to phishing. (Tessian)
  • 97% of people globally can’t identify phishing emails correctly. (Business Wire)
  • One in every 99 emails is a phishing attack. (Clearedin)
  • People open 30% of phishing messages. (Clearedin)

General Phishing Facts and Statistics

1. Phishing is the third most common type of scam reported to the FBI.

Phishing is one of the most common cyberattacks reported to the FBI regardless of companies’ size, location, or industry. However, this is not surprising since these scams have one simple thing in common. The attackers don’t aim to infiltrate systems but target the weakest link — employees. They only need one out of a thousand employees to open an email and click on an attachment to complete their ‘mission,’ phishing statistics reveal.


2. In 2020, phishing emails comprised up to 54% of all digital vulnerabilities.

Phishing is a common type of fraud often sent via emails to lure recipients into fraudulent actions. Victims receive fake messages, and these often lead to sophisticated phishing sites. Most of these attacks often happen because of outdated user practices. The lack of cybersecurity training also goes hand in hand with successful phishing attacks.


3. 84% of organizations witnessed phishing or ransomware attacks in 2020.

Based on phishing attack statistics, most organizations in the US had some incident involving ransomware or phishing in 2020. The same research confirmed that most of these organizations were ineffective in fighting back against these attacks.


4. The most common attacks were business email compromises, with 53%.

In line with the research, there are 17 types of most common security incidents. Most phishing attacks came in phishing and ransomware, with BEC being number one. Next on the list are phishing messages with malware infections (49%), followed by account compromises (47%). Only 37% of organizations believe they were effective in counteracting 11 of 17 attacks. Around 63% believe they were highly effective against 10 or less of these threats, phishing statistics reveal.


Most Common Security Incidents

5. In Q3 2021, a surge of over 400,000 unique phishing websites occurred.

The coronavirus only accelerated the growth of phishing attacks across the globe. In fact, data about recent phishing attacks shows that the number of unique websites used for scams continued growth in Q3 and Q4 2021. Additionally, two of the most popular countries targeted by phishing attacks were Mongolia and Israel.


6. The global cybersecurity market is projected to reach $345.4 billion by 2026.

Increasing awareness and rising investments in the cybersecurity infrastructure are driving the market growth. Another important contributor are cybersecurity companies, continuously finding new ways to fight the rise of cyberattacks and phishing, statistics worldwide show. Hence, its growth is set to rise at a CAGR of 9.7% between 2021 and 2026. The cloud segment grew faster and had a more significant market segment than the on-premises one in 2021.

(Globe Newswire)

7. In 2020, only 18% of cybersecurity professionals cited an increase in digital attacks.

After the initial shockwave of the pandemic, not many professionals in the cybersecurity area claimed they experienced a rise in attacks. Also, more than half said they had noticed no change, phishing statistics confirm. However, a year later, almost half of those surveyed claimed to have seen a slight increase in attacks.


8. Over 71% of targeted attacks represent spear phishing.

Normal phishing typically has a broader audience, luring the mass public to click on the malicious content. Alternatively, spear phishing targets a particular organization or a person. The most targeted attacks include this sort of scam, sent as a personalized email. It often impersonates someone the recipient knows using the information about that person, spear phishing statistics indicate.


9. The average data breach cost to businesses is around $3.68 million.

The cost of phishing attacks (or any other types of breaches) is substantial for any organization. The larger the breach, the bigger the costs for the company. For instance, a loss of five to 10 million records costs $50 million, while losing over 50 million records can go up to $392 million.


10. Financial services are the most targeted by phishing attacks, with 60% more attempts than higher education.

Financial services have the highest exposure to phishing, facts confirm. CISCO’s data points out that higher education is next on the list. When it comes to industries receiving many scam emails, retail leads with 49, followed by manufacturing with around 31 emails per worker per year. Next is the F&B sector with 22, followed by Research and development, with 16, and tech, with 14 emails per worker per year.


Industries Most Targeted by Phishing Emails

11. Nearly one out of five organizations conduct employee training on phishing once a year.

According to phishing statistics, raising awareness about phishing and other cybersecurity threats among employees is crucial in a world of constant threats. Cybersecurity statistics suggest that the lack of awareness leads to a data breach. In fact, 25% of all data breaches originated from phishing, and 85% of breaches include the human element.

(Expert Insights)

12. 60% of companies lost data due to phishing.

Typically, there are three most frequent sorts of data stolen in these attacks. First, it’s credentials like pass, pin, and username. After getting the users' personal data (name, address, email), attackers steal medical information (treatment, insurance claims).


Email Phishing Statistics

13. 97% of people globally can’t identify phishing emails correctly.

Latest phishing emails have become so sophisticated that many people fail to identify the malicious ones. In line with the recent findings from Intel Security, consumers who were asked to identify phishing attempts among 10 emails compiled and presented, almost all failed in doing so. Namely, out of 19,000 respondents from 144 countries, only 3% were precise in pointing out the correct examples. Moreover, 80% misidentified at least one of the phishing emails, phishing statistics confirm.

(Business Wire)

14. Over 40% of employees assumed that phishing emails they received came from senior executives of their company.

Besides many employees who were too distracted and clicked on the phishing emails, there are those who were legitimately fooled. So most successful phishing emails look like they came from the senior executives of the company. This speaks volumes about the efficiency of spear phishing and its danger to the organization.


15. One in every 99 emails is a phishing attack.

According to phishing email statistics, on a sample of 55 million emails, one in 99 carries malicious content. What’s worse, 25% of these emails manage to penetrate Office 365, the most popular office suite globally. For reference, this package has over 60 million users, which makes it susceptible to further phishing attacks.


16. Up to 42% of those between 16 and 24 years confirmed making cybersecurity mistakes, but the company never found out.

Typically, the largest number of mistakes and accidental clicks on suspicious emails came from those between 31 and 50 years old. However, it seems younger people are better at covering their wrongdoings (42%), compared to 8% of those aged 55 and older. Similarly, the number of 35 to 54-year-olds responsible for the same is also much lower.


17. People open 30% of phishing messages.

Phishing scam statistics suggest that the rates of opening phishing messages are constantly on the rise. For reference, this rate was 23% in the past years. All of this happens despite the common push by organizations to raise cybersecurity awareness among their employees. However, many attacks have become more sophisticated, moving even out of email and traditional channels to outsmart the educational efforts of companies.


18. Attackers install 66% of all malware via malicious email attachments.

Despite the common belief that hackers use powerful coding skills to break into systems, it’s not quite true. Namely, most malware enters companies’ systems via phishing attacks. In fact, 90% of data breaches and incidents involve a phishing element. Therefore, it’s important that companies use adequate email encryption software to protect their operations better.


Social Media Phishing Statistics

19. One-third of IT professionals have experienced the rise of social engineering attacks distributed via other communication platforms.

Although most common phishing attacks end up on users' emails, attackers have started using other methods and channels. These include video conferencing platforms (44%), cloud-based sharing tools (40%), and SMS (36%). Besides them, many phishing is targeted toward webmail and SaaS users (34.7%).

(Expert Insights)

20. Messages on LinkedIn account for 47% of all social media phishing attempts.

According to the latest phishing trends, social media have become a common ground for this type of attack. LinkedIn primarily has received the hardest blow. Typically, emails ‘from LinkedIn’ about password reset or info on prospective connections are the best way to lure people to this network. Since the beginning of the pandemic, with so many jobless people on the market, it’s much easier to deceive people with fake ‘People are looking at your LinkedIn profile.’

(Expert Insights)

21. Approximately 19% of social media accounts that appear to be top brands are fake.

In line with phishing statistics, social media have become the perfect place to exchange personal information. Top brands often use social networks to communicate with their customers, making these networks ideal for hackers. They use fake accounts that look like the ones of the brands and lure customers into sending data. Hence, it’s important to warn clients to use only pages that have verified badges.


22. Recent phishing attacks aimed at Snapchat resulted in the public exposure of over 50,000 usernames and passwords.

With over 188 million active users per day, this platform has become a breeding ground for malicious attacks. If we consider that teenagers and young people are its core users, it’s not surprising. A phishing attack that targeted this company a few years ago resulted in the exposure of users' data. This attack came in the form of a link sent to users through a compromised account. When they clicked on the link, users opened the website mimicking the Snapchat login page. Further, this page collected the usernames and passwords, and later hackers released this data on phishing websites.


Global Phishing Statistics

23. The US ranked 27th in Intel’s survey of 144 countries’ ability to detect phishing.

Namely, Intel’s survey demonstrated that most people could not identify phishing scams. However, some countries fared better than others. For example, the US registered a 68% accuracy in detecting phishing emails. Within the US, users from Iowa answered the most questions correctly, with 68% precision. After them, New York and California registered solid results with 66.44% and 65.73%, respectively. However, North Dakota scored the lowest percentage of correct answers (56%).

(Business Wire)

Select Countries and US States by Level of Accuracy at Detecting Phishing

24. Since the pandemic, one in three Canadians has received a phishing attack.

The coronavirus pandemic pushed the number of phishing scams in all parts of the world. In line with the phishing statistics, Canada is no exception. Most scammers use some things and issues Canadians deeply care about to trick them into opening these emails and completing the action.

(Get Cyber Safe)

25. France is the third-largest country by the share of attacked users.

Anti-phishing protection was triggered on devices belonging to 17.90% of French Kaspersky users. So it’s pretty close to the top of the list, following two other countries — Brazil with 19.94% and Portugal, with 19.73% attacked users.


Top Three Countries Worldwide by the Share of Attacked Users

26. One in 3,722 emails in the UK classifies as a phishing scam.

According to phishing statistics, the UK has 20% more emails containing phishing scams than the global average. Every 19 seconds, attackers hack one small business in the UK. Further, 4,500 out of about 65,000 attempts to hack SMEs each day count as successful.


27. In 2020, Venezuela and Brazil faced the highest number of phishing attacks in the Latin American region, or 19.94% and 16.84%, respectively.

According to phishing attack statistics, aside from being one of the top countries in the world with the most phishing attacks, Brazil was also at the top of the list in the Latin American and Caribbean region for the same reason. Following Brazil, the countries with the most phishing attacks are Venezuela (16.84%) and Ecuador (15.6%). Next are Panama (14.84%), Chile (14.83%), Bolivia (14.27%), and Colombia (13.75%). Likewise, Brazil had the most ransomware attacks in the region.


Countries With the Highest Number of Phishing Attacks in the LAC Region

28. In 2020, Australians reported over 44,000 phishing attacks.

According to phishing statistics, Australia saw a 75% increase in phishing attacks in 2019/2020. Namely, in 2019, Australians reported 25,168 attacks of this kind. The most common scams that occurred in 2020 involved investment scams ($66.4 million lost), dating and romance tricks ($37.2 million), false billing ($18 million), threats to life or arrest ($11.5 million), and finally online shopping ($8.4 million).


29. 83% of IT teams in India claim the number of phishing emails targeting employees in their organizations increased in 2020.

In 2020, the pandemic brought many challenges to IT teams in organizations across the nation. However, based on phishing statistics, India has a good base of cybersecurity protocols built to protect against such attacks. In fact, 98% of organizations have implemented some cybersecurity awareness programs to counteract phishing.


30. Japanese police registered around 412,000 spear phishing emails in 2020.

Despite the significance of this figure, it also represents a decline for the second year in a row. Spear phishing emails target specific people and companies and often involve word files.


31. Security departments of the Philippines recorded a 200% rise in phishing attacks since the first lockdown.

In line with phishing statistics, the Philippines has tried to enforce legislation that will put all socially engineered scams under control. However, the pandemic has pushed these efforts backward. So far, phishing is the top cybercrime committed on this island nation during the pandemic. Moreover, the country has issues with online selling scams and fake news.

(OpenGov Asia)

Biggest Phishing Attacks

32. In 2021, Colonial Pipeline paid $4.4 million for the decryption key after attackers crippled their operations via phishing email.

The ransomware attack, most probably triggered by a phishing email, caused some damage to millions of Americans in May 2021. Email phishing statistics reveal that Colonial Pipeline’s billing and network operations were compromised and had to be stopped. Although the cost of this breach was never fully evaluated, Colonial paid the attackers $4.4 million for decryption. Also, due to the company’s closure for a week, 20 billion oil gallons didn’t go to their destinations.

(IT Governance)

33. Facebook and Google fell victim to a fake invoice scam between 2013 and 2015, losing nearly $100 million.

At the time, the two tech giants both used Taiwanese infrastructure supplier, Quanta Computer. A Lithuanian, Evaldas Rimasauskas, sent a series of multimillion-dollar invoices that were great replicas of the originals. Phishing statistics indicate that this led to losing millions. When he was discovered, only half of the money was recovered, and he was sentenced to five years in prison in 2019.

(IT Governance)

34. Sony Pictures lost 100 terabytes of data because of spear phishing emails sent to their employees.

Hackers researched the names of employees on LinkedIn and posed as colleagues, sending malicious emails containing malware. Among the data stolen were financial records, newly released files, and customer data. The attack cost the company over $100 million.


The Bottom Line

Unfortunately, phishing attack statistics point out that most of these schemes constantly evolve and become more sophisticated. With the expansion of digital interactions, they’re bound to worsen. Although there are some options to prevent these attacks, in the end, it all falls on raising awareness. So keep educating employees about the elaborate schemes that could come their way and teach them to identify and report them.

Phishing FAQ

What percentage of cyberattacks is phishing?

According to 2019 statistics, one-third of all cyberattacks started with phishing. With the Covid-19 pandemic, things got much worse. Namely, since February 2020, phishing attacks have increased by a staggering 600%, phishing attack statistics show.

(Safeguard Cyber)

How many phishing emails are sent daily?

Phishing attacks are simple but effective means for cybercriminals. Many of them end up in people’s inboxes every day. Based on spam statistics, over three billion emails as part of phishing schemes arrive daily, accounting for 1% of all email traffic. To make matters worse, they are all designed to look like they come from trusted senders.


How many businesses are targeted by spear phishing attacks each day?

Targeted attacks on companies have become more frequent lately. More commonly known as spear phishing, these attacks were the predominant infection channel for 65% of active attacker groups. In line with statistics on phishing attacks, 35% of businesses were victims of spear phishing.


What percentage of people fall for phishing?

It seems that phishing is often hard to recognize. In fact, 97% have difficulties identifying a phishing scam. Most people wouldn’t fall for the ‘Nigerian Prince’ scam today since attacks have evolved ever since. As a matter of fact, only 30% of phishing messages end up opened because attackers are fighting the raised awareness. Sometimes, they use social media such as Slack and other communication platforms.


What is the success rate of phishing attacks?

In line with the recent findings, around 83% of survey respondents witnessed a successful phishing attack in 2021. This is a significant jump from 2020’s 57%.


Which country has the highest email phishing rate?

According to phishing stats, with 12.39%, Brazil is the number one country with the most frequent attack rates. France is the second nation on the same list with 12.21%, followed by Portugal (11.4%).


Where do most phishing emails come from?

One cloud security provider teamed up with the University of Columbia to determine where most phishing emails come from. Results show that countries with more than 1,000 emails sent were Palestine, Kazakhstan, Iran, Columbia, Serbia, Ukraine, Puerto Rico, Bahamas, Russia, Ukraine, Latvia, and Lithuania.

(Hindustan Times)

What percentage of phishing emails are opened?

Phishing statistics indicate that users open around 30% of phishing emails. Likewise, 12% of targeted users click on the link containing malware in the attachment.

(Security Boulevard)

What is the most common type of phishing?

The most common and popular type of phishing is happening via email. Criminals register a fake domain that usually imitates an actual organization’s email or domain. Afterward, they send phishing emails to thousands of addresses. The fake domain often has some character substitution to mimic the original better. A more targeted and sophisticated form of email phishing called spear phishing is more targeted, better prepared, and a malicious email sent to a specific person, phishing attacks statistics show.

(IT Governance)

What is whaling in phishing?

Whaling is a targeted attack with the same goal as phishing, only aimed at senior executives. It often masquerades as a legitimate email encouraging targets to complete some form of secondary action such as a wire transfer of funds or similar. It’s frequent among those attacking financial organizations and payment providers.


What is the difference between phishing and spam?

The core difference between these two is that phishing has an objective to steal login credentials and other data. Although annoying and inbox-clogging, spam messages aren’t as dangerous as phishing, statistics confirm. In fact, spam may be a tactic for promoting products or services by sending emails to people who haven’t signed up for them.


Be the first to comment!