In this post, we have gathered all data regarding phishing attacks all over the world with statistics.
Table of Contents
10 Top Alarming Phishing Facts & Statistics (Infographic)
- $1.5 Million in Bitcoin Has Been Paid Due to Sextortion Schemes [Source: Cofense]
- 1 in 323 Emails Sent to Small Organizations Are Malicious [Source: Symantec]
- 245,771 Phishing Sites Were Discovered in Q1 2021 Alone [Source: PR Newswire]
- 29% of Phishing Sites Use a Brand Name as Part of the Domain [Source: Statista]
- 34% of Exploitable Vulnerabilities Have No Patch [Source: TechRepublic]
- 4% of Targets Click on Phishing Emails [Source: Verizon]
- 56% of CEO Impersonators Ask For Gift Cards [Source: APWG]
- 62% of Americans Worry About Web Security at Home, But Only 32% Worry About It at Work [Source: AtlasVPN]
- 65% of Known Cyberespionage Attacker Groups Use Spear Phishing [Source: Symantec]
- 74% of US Organizations Were Targeted by Smishing in 2021 [Source: Proof Point]
10 Terrifying Phishing Stats & Facts (Infographic)
- 80% of People Misidentify Phishing Emails [Source: Intel]
- 81% of Phishing Attacks on Mobile Devices Don’t Involve Email [Source: Wandera]
- 83% of Phishing Sites Use SSL [Source: APWG]
- 83% of Spear Phishing Attacks Involve Brand Impersonation [Source: Barracuda]
- 83% of US Organizations Were Victims of Phishing in 2021 [Source: Proof Point]
- 86% of Organizations Had at Least One Employee Click a Phishing Link [Source: CISCO]
- 87% of Spear Phishing Attacks Occur During the Workweek [Source: Statista]
- 96% of Spear Phishing Attacks by Known Groups Are for Intelligence Gathering [Source: Symantec]
- Amazon Is the Impersonated Brand in Phishing Emails, At 17.7% [Source: Tech Radar]
- Between 2015 and 2021, the Cost of Phishing Scams Increased Nearly 4x [Source: Proof Point]
10 Frightening Phishing Attack Statistics (Infographic)
- Custom Phishing Pages Cost as Little as $3 to $12 [Source: Symantec]
- Facebook Is the Most Impersonated Website, At 14% of Phishing Websites [Source: PR Newswire]
- Only 17% of Phishing Attempts Are Reported [Source: Verizon]
- Over 1.3 Million New Phishing Sites Emerge Every Month [Source: Webroot]
- Over 3.4 Billion Phishing Emails Are Sent Every Day [Source: Vailmail]
- Over 40% of Phishing Command and Control Servers Are Located in the U.S. [Source: Cofense]
- Over 5,200 SharePoint Phishing Emails Were Identified During a 12-Month Period [Source: Cofense]
- People Aged 55+ Are Best at Recognizing Phishing and Ransomware Terms [Source: Proofpoint]
- Phishing Attacks Hit Record High, with 1 Million Attacks During Q1 2022 [Source: WAGM]
- Phishing Emails Comprise 1.2% of All Emails [Source: Vailmail]
9 Phishing Statistics You Must Know (Infographic)
- Phishing Is Involved in 25% of All Data Breaches [Source: Verizon]
- Sextortion Is on the Rise, Targeting Over 7 Million Email Addresses in Six Months [Source: Cofense]
- Social Media Phishing Attacks More Than Doubled in 2021 [Source: Yahoo! Finance]
- Spear Phishing Is the Preferred Approach for Delivering Certain Ransomware [Source: McAfee]
- The Average CEO Is Targeted By 57 Phishing Attacks a Year [Source: Source: ZD Net]
- The Average Cost of a Spear Phishing Attack on an Organization is $1.6 Million [Source: CSO]
- The Financial Industry Is the Most Targeted Industry, With 24% of All Phishing Attacks [Source: Statista]
- Tuesday Is the Most Popular Day for Spear Phishing [Source: Statista]
- While 78% of People Understand the Risk of Unknown Links, 56% Click Anyway [Source: FAU]
Other Important Phishing Statistics
- According to IBM’s 2021 research report, there was a 2% rise in phishing attacks between 2019 and 2020.
- The Anti-Phishing Working Group observed that there were about 1,025,968 total phishing attacks that occurred In the Q1 of 2022.
- 34.7% of all phishing attempts were targeted toward Webmail and SaaS users.
- Of all cyber attacks, phishing attacks account for 8.5% of social media sets in Q4 of 2021 to 12.5% in Q1 of 2022.
- In the year 2021, almost 40% of breaches were done through phishing, 22% involved hacking and 11% involved malware attacks.
- Percentage of Industry-wise phishing attacks
- Cryptocurrency – 6.6%
- E-commerce – 14.6%
- Financial – 23.6%
- Logistics – 3.8%
- Payment – 5%
- Social media – 12.5%
- Software-as-a-Service – 20.5%
- The APWG’s research found that phishing attempts had tripled since 2020.
- The same research group Anti-Phishing Working Group found that 214,345 phishing websites were identified in 2021.
- Following phishing attempts, 23% of firms ended up severing ties with their affected employees.
- Meta’s Facebook is the most impersonated brand representing 14% of all phishing pages.
- Microsoft is the second most impersonated at 13%. Other highly-impersonated brands include Netflix and Adobe.
- According to IBM’s 2022 Cost of Data Breach Report, Phishing was the second most common cause of breaches at 16%, costing the companies $4.91m.
- According to IRONSCALES, 81% of organizations around the world have experienced an increase in email phishing attacks since March 2020.
- Only 1 in 5 organizations provide phishing awareness training to their employees once per year.
- According to an IBM research report, 1 in 5 companies suffers a malicious data breach due to stolen credentials, while 17% are breached via a direct phishing attack.
- According to the cybersecurity firm ESET, the most common types of malicious files attached to phishing emails are as follows:
- Office documents (19%)
- PDF documents (6%)
- Script files (23%)
- Shortcuts (4%)
- Windows executables (47%)
- A Cofense study of their own simulated phishing campaigns found that 82% of trained employees in an organization reported the phishing attack within an hour of receiving it, 52% reported it within 5 minutes, and 19% within 30 seconds.
- Research from KnowBe4 found that, after completing a year of awareness training on phishing, the average improvement rate across all industries and organizations was about 85%.
- Cofense in its 2021 report, reiterated that .com domains still account for 50 percent of all credential phishing attacks.
- According to Symantec’s 2020 research report, 1 in every 4,200 emails was a phishing email.
- The top three types of data that are compromised in a phishing attack are given below:
- Credentials (passwords, usernames, pin numbers)
- Personal data (Name, address, email address)
- Medical (Treatment information, Insurance claims)
- In the year 2020, the percentage of companies that experienced a successful phishing attack by country:
- United States: 74%
- United Kingdom: 66%
- Australia: 60%
- Japan: 56%
- Spain: 51%
- France: 48%
- Germany: 47%
- FBI in its IC3 Report 2020 said that phishing scams resulted in an annual loss of over $54 million for U.S. consumers and businesses.
- According to the Check Point Research Security Report of 2018, 59% of phishing attacks in the Americas are related to finance.
- Verizon Data Breach Investigations Report (DBIR) of 2018 said that 70% of breaches associated with nation-state or state-affiliated actors involved phishing.
- Symantec Internet Security Threat Report 2018 said that 71.4% of targeted attacks involved the use of spear-phishing emails.
- Verizon’s (DBIR) report of 2017 said that:
- 93% of social attacks were phishing related.
- 21% of ransomware involved social actions, such as phishing.
- 28% of phishing attacks are targeted.