Skip to content

Phishing Attacks Statistics – 2023

phishing attacks statistics

In this post, we have gathered all data regarding phishing attacks all over the world with statistics.

10 Top Alarming Phishing Facts & Statistics (Infographic)

10 Top Alarming Phishing Facts & Statistics
  1. $1.5 Million in Bitcoin Has Been Paid Due to Sextortion Schemes [Source: Cofense]
  2. 1 in 323 Emails Sent to Small Organizations Are Malicious [Source: Symantec]
  3. 245,771 Phishing Sites Were Discovered in Q1 2021 Alone [Source: PR Newswire]
  4. 29% of Phishing Sites Use a Brand Name as Part of the Domain [Source: Statista]
  5. 34% of Exploitable Vulnerabilities Have No Patch [Source: TechRepublic]
  6. 4% of Targets Click on Phishing Emails [Source: Verizon]
  7. 56% of CEO Impersonators Ask For Gift Cards [Source: APWG]
  8. 62% of Americans Worry About Web Security at Home, But Only 32% Worry About It at Work [Source: AtlasVPN]
  9. 65% of Known Cyberespionage Attacker Groups Use Spear Phishing [Source: Symantec]
  10. 74% of US Organizations Were Targeted by Smishing in 2021 [Source: Proof Point]

10 Terrifying Phishing Stats & Facts (Infographic)

10 Terrifying Phishing Stats & Facts
  1. 80% of People Misidentify Phishing Emails [Source: Intel]
  2. 81% of Phishing Attacks on Mobile Devices Don’t Involve Email [Source: Wandera]
  3. 83% of Phishing Sites Use SSL [Source: APWG]
  4. 83% of Spear Phishing Attacks Involve Brand Impersonation [Source: Barracuda]
  5. 83% of US Organizations Were Victims of Phishing in 2021 [Source: Proof Point]
  6. 86% of Organizations Had at Least One Employee Click a Phishing Link [Source: CISCO]
  7. 87% of Spear Phishing Attacks Occur During the Workweek [Source: Statista]
  8. 96% of Spear Phishing Attacks by Known Groups Are for Intelligence Gathering [Source: Symantec]
  9. Amazon Is the Impersonated Brand in Phishing Emails, At 17.7% [Source: Tech Radar]
  10. Between 2015 and 2021, the Cost of Phishing Scams Increased Nearly 4x [Source: Proof Point]

10 Frightening Phishing Attack Statistics (Infographic)

10 Frightening Phishing Attack Statistics
  • Custom Phishing Pages Cost as Little as $3 to $12 [Source: Symantec]
  • Facebook Is the Most Impersonated Website, At 14% of Phishing Websites [Source: PR Newswire]
  • Only 17% of Phishing Attempts Are Reported [Source: Verizon]
  • Over 1.3 Million New Phishing Sites Emerge Every Month [Source: Webroot]
  • Over 3.4 Billion Phishing Emails Are Sent Every Day [Source: Vailmail]
  • Over 40% of Phishing Command and Control Servers Are Located in the U.S. [Source: Cofense]
  • Over 5,200 SharePoint Phishing Emails Were Identified During a 12-Month Period [Source: Cofense]
  • People Aged 55+ Are Best at Recognizing Phishing and Ransomware Terms [Source: Proofpoint]
  • Phishing Attacks Hit Record High, with 1 Million Attacks During Q1 2022 [Source: WAGM]
  • Phishing Emails Comprise 1.2% of All Emails [Source: Vailmail]

9 Phishing Statistics You Must Know (Infographic)

9 Phishing Statistics You Must Know
  • Phishing Is Involved in 25% of All Data Breaches [Source: Verizon]
  • Sextortion Is on the Rise, Targeting Over 7 Million Email Addresses in Six Months [Source: Cofense]
  • Social Media Phishing Attacks More Than Doubled in 2021 [Source: Yahoo! Finance]
  • Spear Phishing Is the Preferred Approach for Delivering Certain Ransomware [Source: McAfee]
  • The Average CEO Is Targeted By 57 Phishing Attacks a Year [Source: Source: ZD Net]
  • The Average Cost of a Spear Phishing Attack on an Organization is $1.6 Million [Source: CSO]
  • The Financial Industry Is the Most Targeted Industry, With 24% of All Phishing Attacks [Source: Statista]
  • Tuesday Is the Most Popular Day for Spear Phishing [Source: Statista]
  • While 78% of People Understand the Risk of Unknown Links, 56% Click Anyway [Source: FAU]

Other Important Phishing Statistics

  • According to IBM’s 2021 research report, there was a 2% rise in phishing attacks between 2019 and 2020.
  • The Anti-Phishing Working Group observed that there were about 1,025,968 total phishing attacks that occurred In the Q1 of 2022.
  • 34.7% of all phishing attempts were targeted toward Webmail and SaaS users.
  • Of all cyber attacks, phishing attacks account for 8.5% of social media sets in Q4 of 2021 to 12.5% in Q1 of 2022.
  • In the year 2021, almost 40% of breaches were done through phishing, 22% involved hacking and 11% involved malware attacks.
  • Percentage of Industry-wise phishing attacks
  1. Cryptocurrency – 6.6%
  2. E-commerce – 14.6%
  3. Financial – 23.6%
  4. Logistics – 3.8%
  5. Payment – 5%
  6. Social media – 12.5%
  7. Software-as-a-Service – 20.5%
  • The APWG’s research found that phishing attempts had tripled since 2020.
  • The same research group Anti-Phishing Working Group found that 214,345 phishing websites were identified in 2021.
  • Following phishing attempts, 23% of firms ended up severing ties with their affected employees.
  • Meta’s Facebook is the most impersonated brand representing 14% of all phishing pages.
  • Microsoft is the second most impersonated at 13%. Other highly-impersonated brands include Netflix and Adobe.
  • According to IBM’s 2022 Cost of Data Breach Report, Phishing was the second most common cause of breaches at 16%, costing the companies $4.91m.
  • According to IRONSCALES, 81% of organizations around the world have experienced an increase in email phishing attacks since March 2020.
  • Only 1 in 5 organizations provide phishing awareness training to their employees once per year.
  • According to an IBM research report, 1 in 5 companies suffers a malicious data breach due to stolen credentials, while 17% are breached via a direct phishing attack.
  • According to the cybersecurity firm ESET, the most common types of malicious files attached to phishing emails are as follows:
  1. Office documents (19%)
  2. PDF documents (6%)
  3. Script files (23%)
  4. Shortcuts (4%)
  5. Windows executables (47%)
  • A Cofense study of their own simulated phishing campaigns found that 82% of trained employees in an organization reported the phishing attack within an hour of receiving it, 52% reported it within 5 minutes, and 19% within 30 seconds.
  • Research from KnowBe4 found that, after completing a year of awareness training on phishing, the average improvement rate across all industries and organizations was about 85%.
  • Cofense in its 2021 report, reiterated that .com domains still account for 50 percent of all credential phishing attacks.
  • According to Symantec’s 2020 research report, 1 in every 4,200 emails was a phishing email.
  • The top three types of data that are compromised in a phishing attack are given below:
  1. Credentials (passwords, usernames, pin numbers)
  2. Personal data (Name, address, email address)
  3. Medical (Treatment information, Insurance claims)
  • In the year 2020, the percentage of companies that experienced a successful phishing attack by country:
  1. United States: 74%
  2. United Kingdom: 66%
  3. Australia: 60%
  4. Japan: 56%
  5. Spain: 51%
  6. France: 48%
  7. Germany: 47%
  • FBI in its IC3 Report 2020 said that phishing scams resulted in an annual loss of over $54 million for U.S. consumers and businesses.
  • According to the Check Point Research Security Report of 2018, 59% of phishing attacks in the Americas are related to finance.
  • Verizon Data Breach Investigations Report (DBIR) of 2018 said that 70% of breaches associated with nation-state or state-affiliated actors involved phishing.
  • Symantec Internet Security Threat Report 2018 said that 71.4% of targeted attacks involved the use of spear-phishing emails.
  • Verizon’s (DBIR) report of 2017 said that:
  1. 93% of social attacks were phishing related.
  2. 21% of ransomware involved social actions, such as phishing.
  3. 28% of phishing attacks are targeted.
Kevin James

Kevin James

I'm Kevin James, and I'm passionate about writing on Security and cybersecurity topics. Here, I'd like to share a bit more about myself. I hold a Bachelor of Science in Cybersecurity from Utica College, New York, which has been the foundation of my career in cybersecurity. As a writer, I have the privilege of sharing my insights and knowledge on a wide range of cybersecurity topics. You'll find my articles here at, covering the latest trends, threats, and solutions in the field.