20 Frightening Phishing Statistics You Must Know in 2024
Published: October 3, 2022
We’ve cast the net for the most electrifying phishing statistics to help you understand the size and scope of the phishing problem and the threats you may face.
Phishing, a term commonly associated with email fraud, is one of today’s most prominent forms of cyberattack. Phishing schemes are becoming increasingly sophisticated, with targeted attacks threatening many businesses and individuals.
Read on to learn more.
Top 10 Phishing Stats and Facts
- A new phishing website is launched every 20 seconds.
- 91% of all cyber attacks start with a phishing email.
- 25% of phishing emails bypass Office 365 security.
- Brazil was the country most targeted by phishing attacks in 2021.
- More than 5% of phishing attacks involve social media.
- Social media phishing attacks doubled in 2021.
- 86% of organizations were subjected to social media attacks in 2019.
- The Department of Health was the most targeted government sector.
- Most employees who clicked on phishing emails were aged between 31 and 40.
- A Belgian bank was a victim of a scam that cost $75.8 million.
Global Phishing Facts and Statistics
Despite extensive efforts in the media and security programs to educate people on the dangers of phishing emails and techniques to detect them, the attacks continue worldwide.
You’ll be surprised by what we found about it, so read on.
1. 91% of all cyberattacks start with a phishing email.
(Source: Deloitte)
Phishing techniques are used in 32% of all successful breaches, and most start with an email sent to an unsuspecting victim.
Moreover, there are over 2,200 cyberattacks daily, meaning a hacking attack happens every 39 seconds.
2. Most employees who clicked on phishing emails were between 31 and 40.
(Source: Statista)
According to a survey conducted in 2020, most employees worldwide who clicked on phishing email links were over 30.
Employees aged 51 and older were the least likely to click on phishing email links, but they were also the most unaware of what phishing was.
3. Distraction is the leading cause of employees clicking on phishing emails.
(Source: Statista)
With a single such email, hackers could steal personal information, destroy important files, or hold computers hostage.
Furthermore, phishing scam statistics show that the employees who admitted to being duped into clicking on such emails said it was because the email looked legitimate or they believed someone within the organization sent it.
4. Every 20 seconds, a new phishing website is launched.
(Source: Qualia)
These websites include phishing attempts for the most searched entries during the pandemic, like unemployment assistance, PPP updates, and employee benefits.
Google blacklists over 70,000 WordPress-hosted websites weekly due to security issues, of which 50,000 are blacklisted because of phishing.
5. The Department of Health was the government sector most targeted by cybercriminals.
(Source: Statista)
Healthcare phishing statistics show that in the fiscal year 2019, cybercriminals targeted the Department of Health and Human Services the most in the US. The sector experienced 7,608 cybersecurity attacks and 603 phishing or email attacks.
A healthcare facility’s data should always be stored on devices that are properly secured, physically and software-wise.
6. 25% of phishing emails bypass Office 365 security.
(Source: Avanan)
One report by Avanan in 2019 examined 55.5 million emails sent to organizations using Google G Suite and Microsoft Office 365.
According to the study, malicious links and attachments are the primary vectors in the phishing emails that bypass Office 365 security.
Other findings show that 98% of emails containing a crypto wallet address and 33% of those including a link to a WordPress website are phishing attempts.
7. Brazil was the country most targeted by phishing attacks in 2021.
(Source: Statista)
The country’s internet users were subjected to 12.39% of phishing attacks. France ranked second in terms of phishing attack percentage in 2021. Portugal came after France, with over 11%.
8. Blank subject lines appear in 67% of phishing attempts.
(Source: AtlasVPN)
According to AtlasVPN, nearly 70% of all phishing email attempts have an empty subject line.
Furthermore, cybercriminals frequently use the subjects ‘Fax Delivery Report’ (9%) or ‘Business Proposal Request’ (6%).
9. 95% of BEC losses are between $250 and $985,000.
(Source: Verizon)
Notably, Business Email Compromise (BEC) is one of the most common causes of data breaches, with a median loss of $30,000.
10. 17% of the malicious data breaches in 2021 were due to phishing.
(Source: IBM)
Phishing ranks as the second most frequent initial vector. Compromised credentials come first at 20%, and cloud misconfiguration is third at 15%.
Social Media Phishing Statistics
As the popularity of social media grows, so does the prevalence of social media scams. But what types of frauds are considered social media phishing?
Let’s find out!
11. More than 5% of phishing attacks involve social media.
(Source: PhishLabs / IT Governance)
Social media platforms continue to provide only minimal controls to prevent the spread of account takeovers. As a result, criminals use social media to trick people in various ways.
Instant messaging, posts, tweets, fake URLs, and cloned sites can all be used to trick people into downloading malware or disclosing sensitive information, as phishing statistics show.
12. 86% of organizations were subjected to social media attacks in 2019.
(Source: Proofpoint)
Proofpoint surveyed over 3,500 employees in 2020 from the US, Australia, Germany, France, Spain, Japan, and the UK.
84% of the organizations across the seven countries faced text phishing, 83% reported voice phishing, and 81% had malicious USB drops.
13. Social media phishing attacks doubled in 2021.
(Source: KnowBe4)
The financial sector was targeted the most, with 68%. The telecommunication sector was second with 24%.
14. Current phishing trends show that 12% of phishing URL clicks came via social media.
(Source: University of Ottawa)
A study of over 7,000 malicious Bit.ly shortened URLs (drawn from a total of over 300,000 URLs) reveals that the vast majority were accessed directly, i.e., via email clients, instant messages, and apps.
However, 12.14% of phishing URLs were clicked on through social media and 3.67% through social networks.
15. Social media platforms were the most targeted category in Q1 2022.
(Source: Check Point)
Phishing attacks impersonating LinkedIn accounted for more than half (52%) of all attempts. It’s a lot, considering that this social media platform has millions of users.
Additionally, this figure represents a 44% increase over the previous quarter. Following LinkedIn are DHL with 14%, Google with 7%, and Microsoft with 6%, among the other impersonated brands in phishing attacks.
The Biggest Phishing Attacks
Do you want to know about some of the biggest phishing attacks? We’ll tell you about them here, so keep reading.
16. Between 2013 and 2015, Google and Facebook were duped out of $100 million.
(Source: CNBC)
It was a result of a lengthy phishing campaign. The criminals impersonated a Taiwan-based company, Quanta, and sent fake invoices, which both Google and Facebook paid.
Facebook and Google eventually uncovered the phishing act and took legal action in the US, but both recovered only $49.7 million.
17. A Belgian bank was the victim of a scam that cost around $75.8 million.
(Source: HelpNetSecurity)
In 2016, Crelan Bank was a victim of a business email compromise scam. The phisher compromised the account of a company’s high-level executive and instructed their employees to transfer money to the attacker’s account.
The phishing attack was uncovered during an internal audit, and the company was able to absorb the loss.
18. Phishing stats show that FACC was hit by a cyber fraud that cost it $47 million.
(Source: Reuters)
A business email scam cost the Austrian aerospace parts manufacturer a lot of money. The company disclosed the attack in 2016, revealing that a phisher impersonated the company’s CEO and instructed an employee to transfer the money.
19. Ubiquiti Networks was a victim of an attack that cost it $46.7 million.
(Source: Forbes)
A business email compromise attack victimized this US-based computer networking company in 2015, phishing email statistics show. The attacker pretended to be the company’s lawyer and CEO and instructed a couple of transfers to complete a secret acquisition.
The incident came to the company’s attention when the FBI informed it that its Hong Kong bank account may have been the victim of fraud.
20. Hackers targeted Sony employees with fake Apple ID emails.
(Source: Computerworld / Inky)
Hackers sent a lot of spear phishing emails to Sony employees in 2015. They posed as Sony employees after researching the staff names on LinkedIn, sending malicious emails with malware to the employees.
Over 100 terabytes of Sony’s data, including user data, newly released files, and financial records, were stolen. This attack cost the company over $100 million in total.
Wrapping Up
People are enticed by fake correspondence, which often takes the form of social media messages or emails that lead to carefully crafted phishing sites.
These shocking phishing facts and stats show just how prevalent phishing still is, despite the rising awareness of the problem.
So, we must be cautious when using the Internet to avoid becoming victims of cybercrime.
FAQ
How many phishing emails are sent per day?
(Source: ZDNet)
Statistics show that 3.4 billion phishing emails are sent daily around the world, making it one of the most widespread types of cybercrime.
What are the latest phishing trends?
(Source: Microsoft)
The latest trends attackers employ to gain access to your data and devices or to steal information include:
- Invoice phishing
- Payment/delivery scam
- Tax-themed phishing scams
- Downloads
- Phishing emails
- Spear phishing
- Whaling
How many phishing attacks were there in 2021?
(Source: Dark Reading)
Phishing statistics show that in 2021, 83% of organizations reported a successful email-based phishing attack in which a user was duped into performing risky actions.
This figure represents a shocking 46% increase over 2020.