Phishing is no longer just a suspicious email in your spam folder; it is a sophisticated, multibillion-dollar cybercrime enterprise.
In 2025, the numbers tell a stark story: phishing now accounts for the majority of cyberattacks globally, with AI-powered scams and session hijacking making traditional defenses obsolete.
Below, we break down the most critical phishing statistics of the year, sourced from leading cybersecurity research firms.
This post gathers phishing attack statistics from around the world.
2026 – Phishing Attacks Statistics
Phishing has overtaken ransomware as the top cybersecurity concern for business leaders, according to the World Economic Forum’s Global Cybersecurity Outlook for 2026.
The report, produced in collaboration with Accenture, surveyed global business leaders and revealed that 77% have reported an increase in cyber-enabled fraud and phishing overall, while 73% claimed that they or a business leader they know had been affected by it.
There has been a 703% increase in credential phishing in the last year, according to Varonis’ State of Phishing report.
Threat actors are using AI to write phishing emails in multiple languages, reducing the time it takes to launch threat campaigns and making them more convincing.
AI-powered phishing emails are now near-flawless, contextually accurate, and eerily personal, mimicking colleagues, brands, and even your own writing style.
Public Administration accounts for 24.08% of phishing attacks, followed by Information Services at 19.45%, according to SOCRadar’s 2026 U.S. Threat Landscape Report.
77.9% of phishing pages now use HTTPS, reducing users’ ability to identify malicious sites based on the absence of the padlock icon.
The most prevalent threat type among phishing email attachments is phishing itself (67%), where attackers use HTML and scripts to replicate the layout, logos, and fonts of login pages and promotional pages in order to steal account credentials.
Key Statistics on the Rise of Phishing in 2025
Phishing now accounts for 77% of all observed cyberattacks, a significant increase from 60% in 2024.
The APWG observed 1,130,393 phishing attacks in Q2 2025 alone, the largest quarterly total since 2023.
An Interisle Consulting Group study found nearly 1.96 million phishing attacks over a 12-month period, a 182% increase since 2021.
Phishing became the leading initial attack vector for ransomware, cited by 35% of affected organizations, up from 25% in 2024.
ClickFix schemes, which trick users into running malicious code, surged by over 500% and now account for nearly 8% of attacks.
Vishing (voice phishing) incidents increased by 449% compared to the previous year, with 77% of fraudulent calls using AI-generated voices.
Malicious SVG (Scalable Vector Graphics) file attachments saw a 50-fold increase in usage, becoming one of the fastest-growing attachment types.
Adversary-in-the-Middle (AitM) phishing kits became commoditized, allowing attackers to bypass multi-factor authentication (MFA) by stealing session tokens in real time.
Over half of all phishing sites were hosted by U.S.-based companies, making the U.S. the top hosting location for the fifth year running.
Abuse of legitimate business platforms (like QuickBooks, Zoom, Salesforce) for phishing attacks rose by 67%. DocSend was identified as the most abused service of the year.
HR-related topics were the top phishing lure in January 2025, accounting for 33% of attacks, while Valentine’s Day promotions made up 35% of lures in February.
The average amount requested in Business Email Compromise (BEC) wire transfer scams soared by 97% in Q2 2025, reaching $83,099.
In a separate report, real estate professionals were found to face a disproportionately high volume of phishing attacks compared to other industries.
Infostealer malware, often delivered via phishing, compromised nearly 50% of all corporate users.
Phishing Attacks Statistics – 2024
Phishing was the top cybercrime in the United States by number of victims, with the FBI’s Internet Crime Complaint Center (IC3) receiving 193,407 phishing/spoofing complaints in 2024.
This number was more than double the next most-reported crime (extortion) and three times as many as personal data breaches.
Globally, Kaspersky security solutions blocked over 893 million phishing attempts in 2024, a 26% increase from the previous year.
One analysis found that 2.3% of all unwanted emails reaching business inboxes contained malicious content, totaling 427.8 million malicious emails.
The number of users encountering mobile banking Trojans grew 3.6 times compared to 2023, rising from 69,200 to 247,949.
Cryptocurrency-related phishing attempts surged by 83%, with Kaspersky technologies blocking over 10.7 million such attempts.
The Mamont Trojan family was particularly active (37%), often spread via fake online stores and manipulated delivery tracking apps.
Banks were the most popular lure in financial phishing, accounting for 42.6% of attempts.
Amazon was the most frequently abused online shopping portal, imitated in 33% of phishing pages targeting online shoppers.
PayPal remained the most frequently imitated payment system, though its share fell to 37.5%.
Mastercard-related phishing attacks nearly doubled from 17% to 31%.
Netflix was imitated on 16% of phishing pages targeting streaming services.
Alibaba saw an increase in phishing attempts, rising from 3% to 8%.
Shipping brands, such as DHL and FedEx, were identified as the most impersonated brands online in another report, while DocuSign and Facebook also saw impersonation attempts more than double.
While phishing scams resulted in over $70 million in direct losses, Business Email Compromise (BEC) attacks, often initiated by phishing, led to staggering losses of $2.7 billion.
10 Top Alarming Phishing Facts & Statistics (Infographic)

- $1.5 Million in Bitcoin Has Been Paid Due to Sextortion Schemes [Source: Cofense]
- 1 in 323 Emails Sent to Small Organizations Are Malicious [Source: Symantec]
- 245,771 Phishing Sites Were Discovered in Q1 2021 Alone [Source: PR Newswire]
- 29% of Phishing Sites Use a Brand Name as Part of the Domain [Source: Statista]
- 34% of Exploitable Vulnerabilities Have No Patch [Source: TechRepublic]
- 4% of Targets Click on Phishing Emails [Source: Verizon]
- 56% of CEO Impersonators Ask For Gift Cards [Source: APWG]
- 62% of Americans Worry About Web Security at Home, But Only 32% Worry About It at Work [Source: AtlasVPN]
- 65% of Known Cyberespionage Attacker Groups Use Spear Phishing [Source: Symantec]
- 74% of US Organizations Were Targeted by Smishing in 2021 [Source: Proofpoint]
10 Terrifying Phishing Stats & Facts (Infographic)

- 80% of People Misidentify Phishing Emails [Source: Intel]
- 81% of Phishing Attacks on Mobile Devices Don’t Involve Email [Source: Wandera]
- 83% of Phishing Sites Use SSL [Source: APWG]
- 83% of Spear Phishing Attacks Involve Brand Impersonation [Source: Barracuda]
- 83% of US Organizations Were Victims of Phishing in 2021 [Source: Proofpoint]
- 86% of Organizations Had at Least One Employee Click a Phishing Link [Source: Cisco]
- 87% of Spear Phishing Attacks Occur During the Workweek [Source: Statista]
- 96% of Spear Phishing Attacks by Known Groups Are for Intelligence Gathering [Source: Symantec]
- Amazon Is the Most Impersonated Brand in Phishing Emails, at 17.7% [Source: TechRadar]
- Between 2015 and 2021, the Cost of Phishing Scams Increased Nearly 4x [Source: Proofpoint]
10 Frightening Phishing Attack Statistics (Infographic)

- Custom Phishing Pages Cost as Little as $3 to $12 [Source: Symantec]
- Facebook Is the Most Impersonated Website, At 14% of Phishing Websites [Source: PR Newswire]
- Only 17% of Phishing Attempts Are Reported [Source: Verizon]
- Over 1.3 Million New Phishing Sites Emerge Every Month [Source: Webroot]
- Over 3.4 Billion Phishing Emails Are Sent Every Day [Source: Valimail]
- Over 40% of Phishing Command and Control Servers Are Located in the U.S. [Source: Cofense]
- Over 5,200 SharePoint Phishing Emails Were Identified During a 12-Month Period [Source: Cofense]
- People Aged 55+ Are Best at Recognizing Phishing and Ransomware Terms [Source: Proofpoint]
- Phishing Attacks Hit Record High, with 1 Million Attacks During Q1 2022 [Source: WAGM]
- Phishing Emails Comprise 1.2% of All Emails [Source: Valimail]
9 Phishing Statistics You Must Know (Infographic)

- Phishing Is Involved in 25% of All Data Breaches [Source: Verizon]
- Sextortion Is on the Rise, Targeting Over 7 Million Email Addresses in Six Months [Source: Cofense]
- Social Media Phishing Attacks More Than Doubled in 2021 [Source: Yahoo! Finance]
- Spear Phishing Is the Preferred Approach for Delivering Certain Ransomware [Source: McAfee]
- The Average CEO Is Targeted By 57 Phishing Attacks a Year [Source: ZDNet]
- The Average Cost of a Spear Phishing Attack on an Organization is $1.6 Million [Source: CSO]
- The Financial Industry Is the Most Targeted Industry, With 24% of All Phishing Attacks [Source: Statista]
- Tuesday Is the Most Popular Day for Spear Phishing [Source: Statista]
- While 78% of People Understand the Risk of Unknown Links, 56% Click Anyway [Source: FAU]
Other Important Phishing Statistics
- According to IBM’s 2021 research report, there was a 2% rise in phishing attacks between 2019 and 2020.
- The Anti-Phishing Working Group observed about 1,025,968 total phishing attacks in Q1 2022.
- 34.7% of all phishing attempts were targeted toward Webmail and SaaS users.
- The share of phishing attacks targeting social media rose from 8.5% in Q4 2021 to 12.5% in Q1 2022.
- In 2021, almost 40% of breaches involved phishing, 22% involved hacking, and 11% involved malware attacks.
- Percentage of phishing attacks by industry:
  - Cryptocurrency – 6.6%
  - E-commerce – 14.6%
  - Financial – 23.6%
  - Logistics – 3.8%
  - Payment – 5%
  - Social media – 12.5%
  - Software-as-a-Service – 20.5%
- The APWG’s research found that phishing attempts had tripled since 2020.
- The Anti-Phishing Working Group also found that 214,345 phishing websites were identified in 2021.
- Following phishing attempts, 23% of firms ended up severing ties with their affected employees.
- Meta’s Facebook is the most impersonated brand representing 14% of all phishing pages.
- Microsoft is the second most impersonated at 13%. Other highly-impersonated brands include Netflix and Adobe.
- According to IBM’s 2022 Cost of a Data Breach Report, phishing was the second most common cause of breaches at 16%, costing the companies $4.91m.
- According to IRONSCALES, 81% of organizations around the world have experienced an increase in email phishing attacks since March 2020.
- Only 1 in 5 organizations provide phishing awareness training to their employees once per year.
- According to an IBM research report, 1 in 5 companies suffers a malicious data breach due to stolen credentials, while 17% are breached via a direct phishing attack.
- According to the cybersecurity firm ESET, the most common types of malicious files attached to phishing emails are as follows:
  - Office documents (19%)
  - PDF documents (6%)
  - Script files (23%)
  - Shortcuts (4%)
  - Windows executables (47%)
- A Cofense study of their own simulated phishing campaigns found that 82% of trained employees in an organization reported the phishing attack within an hour of receiving it, 52% reported it within 5 minutes, and 19% within 30 seconds.
- Research from KnowBe4 found that, after completing a year of awareness training on phishing, the average improvement rate across all industries and organizations was about 85%.
- Cofense, in its 2021 report, reiterated that .com domains still account for 50 percent of all credential phishing attacks.
- According to Symantec’s 2020 research report, 1 in every 4,200 emails was a phishing email.
- The top three types of data compromised in a phishing attack are:
  - Credentials (passwords, usernames, PIN numbers)
  - Personal data (name, address, email address)
  - Medical (treatment information, insurance claims)
- Percentage of companies that experienced a successful phishing attack in 2020, by country:
  - United States: 74%
  - United Kingdom: 66%
  - Australia: 60%
  - Japan: 56%
  - Spain: 51%
  - France: 48%
  - Germany: 47%
- The FBI, in its 2020 IC3 Report, said that phishing scams resulted in an annual loss of over $54 million for U.S. consumers and businesses.
- According to the Check Point Research Security Report of 2018, 59% of phishing attacks in the Americas are related to finance.
- The 2018 Verizon Data Breach Investigations Report (DBIR) said that 70% of breaches associated with nation-state or state-affiliated actors involved phishing.
- The 2018 Symantec Internet Security Threat Report said that 71.4% of targeted attacks involved the use of spear-phishing emails.
- Verizon’s 2017 DBIR said that:
  - 93% of social attacks were phishing related.
  - 21% of ransomware involved social actions, such as phishing.
  - 28% of phishing attacks are targeted.

