Phishing Attacks Statistics – 2023

In this post, we have gathered all data regarding phishing attacks all over the world with statistics.

10 Top Alarming Phishing Facts & Statistics (Infographic)

1. $1.5 Million in Bitcoin Has Been Paid Due to Sextortion Schemes [Source: Cofense]
2. 1 in 323 Emails Sent to Small Organizations Are Malicious [Source: Symantec]
3. 245,771 Phishing Sites Were Discovered in Q1 2021 Alone [Source: PR Newswire]
4. 29% of Phishing Sites Use a Brand Name as Part of the Domain [Source: Statista]
5. 34% of Exploitable Vulnerabilities Have No Patch [Source: TechRepublic]
6. 4% of Targets Click on Phishing Emails [Source: Verizon]
7. 56% of CEO Impersonators Ask For Gift Cards [Source: APWG]
8. 62% of Americans Worry About Web Security at Home, But Only 32% Worry About It at Work [Source: AtlasVPN]
9. 65% of Known Cyberespionage Attacker Groups Use Spear Phishing [Source: Symantec]
10. 74% of US Organizations Were Targeted by Smishing in 2021 [Source: Proof Point]

10 Terrifying Phishing Stats & Facts (Infographic)

1. 80% of People Misidentify Phishing Emails [Source: Intel]
2. 81% of Phishing Attacks on Mobile Devices Don’t Involve Email [Source: Wandera]
3. 83% of Phishing Sites Use SSL [Source: APWG]
4. 83% of Spear Phishing Attacks Involve Brand Impersonation [Source: Barracuda]
5. 83% of US Organizations Were Victims of Phishing in 2021 [Source: Proof Point]
6. 86% of Organizations Had at Least One Employee Click a Phishing Link [Source: CISCO]
7. 87% of Spear Phishing Attacks Occur During the Workweek [Source: Statista]
8. 96% of Spear Phishing Attacks by Known Groups Are for Intelligence Gathering [Source: Symantec]
9. Amazon Is the Impersonated Brand in Phishing Emails, At 17.7% [Source: Tech Radar]
10. Between 2015 and 2021, the Cost of Phishing Scams Increased Nearly 4x [Source: Proof Point]

10 Frightening Phishing Attack Statistics (Infographic)

• Custom Phishing Pages Cost as Little as $3 to $12 [Source: Symantec]
• Facebook Is the Most Impersonated Website, At 14% of Phishing Websites [Source: PR Newswire]
• Only 17% of Phishing Attempts Are Reported [Source: Verizon]
• Over 1.3 Million New Phishing Sites Emerge Every Month [Source: Webroot]
• Over 3.4 Billion Phishing Emails Are Sent Every Day [Source: Vailmail]
• Over 40% of Phishing Command and Control Servers Are Located in the U.S. [Source: Cofense]
• Over 5,200 SharePoint Phishing Emails Were Identified During a 12-Month Period [Source: Cofense]
• People Aged 55+ Are Best at Recognizing Phishing and Ransomware Terms [Source: Proofpoint]
• Phishing Attacks Hit Record High, with 1 Million Attacks During Q1 2022 [Source: WAGM]
• Phishing Emails Comprise 1.2% of All Emails [Source: Vailmail]

9 Phishing Statistics You Must Know (Infographic)

• Phishing Is Involved in 25% of All Data Breaches [Source: Verizon]
• Sextortion Is on the Rise, Targeting Over 7 Million Email Addresses in Six Months [Source: Cofense]
• Social Media Phishing Attacks More Than Doubled in 2021 [Source: Yahoo! Finance]
• Spear Phishing Is the Preferred Approach for Delivering Certain Ransomware [Source: McAfee]
• The Average CEO Is Targeted By 57 Phishing Attacks a Year [Source: Source: ZD Net]
• The Average Cost of a Spear Phishing Attack on an Organization is $1.6 Million [Source: CSO]
• The Financial Industry Is the Most Targeted Industry, With 24% of All Phishing Attacks [Source: Statista]
• Tuesday Is the Most Popular Day for Spear Phishing [Source: Statista]
• While 78% of People Understand the Risk of Unknown Links, 56% Click Anyway [Source: FAU]

Other Important Phishing Statistics

• According to IBM’s 2021 research report, there was a 2% rise in phishing attacks between 2019 and 2020.
• The Anti-Phishing Working Group observed that there were about 1,025,968 total phishing attacks that occurred In the Q1 of 2022.
• 34.7% of all phishing attempts were targeted toward Webmail and SaaS users.
• Of all cyber attacks, phishing attacks account for 8.5% of social media sets in Q4 of 2021 to 12.5% in Q1 of 2022.
• In the year 2021, almost 40% of breaches were done through phishing, 22% involved hacking and 11% involved malware attacks.
• Percentage of Industry-wise phishing attacks

1. Cryptocurrency – 6.6%
2. E-commerce – 14.6%
3. Financial – 23.6%
4. Logistics – 3.8%
5. Payment – 5%
6. Social media – 12.5%
7. Software-as-a-Service – 20.5%

• The APWG’s research found that phishing attempts had tripled since 2020.
• The same research group Anti-Phishing Working Group found that 214,345 phishing websites were identified in 2021.
• Following phishing attempts, 23% of firms ended up severing ties with their affected employees.
• Meta’s Facebook is the most impersonated brand representing 14% of all phishing pages.
• Microsoft is the second most impersonated at 13%. Other highly-impersonated brands include Netflix and Adobe.
• According to IBM’s 2022 Cost of Data Breach Report, Phishing was the second most common cause of breaches at 16%, costing the companies $4.91m.
• According to IRONSCALES, 81% of organizations around the world have experienced an increase in email phishing attacks since March 2020.
• Only 1 in 5 organizations provide phishing awareness training to their employees once per year.
• According to an IBM research report, 1 in 5 companies suffers a malicious data breach due to stolen credentials, while 17% are breached via a direct phishing attack.
• According to the cybersecurity firm ESET, the most common types of malicious files attached to phishing emails are as follows:

1. Office documents (19%)
2. PDF documents (6%)
3. Script files (23%)
4. Shortcuts (4%)
5. Windows executables (47%)

• A Cofense study of their own simulated phishing campaigns found that 82% of trained employees in an organization reported the phishing attack within an hour of receiving it, 52% reported it within 5 minutes, and 19% within 30 seconds.
• Research from KnowBe4 found that, after completing a year of awareness training on phishing, the average improvement rate across all industries and organizations was about 85%.
• Cofense in its 2021 report, reiterated that .com domains still account for 50 percent of all credential phishing attacks.
• According to Symantec’s 2020 research report, 1 in every 4,200 emails was a phishing email.
• The top three types of data that are compromised in a phishing attack are given below:

1. Credentials (passwords, usernames, pin numbers)
2. Personal data (Name, address, email address)
3. Medical (Treatment information, Insurance claims)

• In the year 2020, the percentage of companies that experienced a successful phishing attack by country:

1. United States: 74%
2. United Kingdom: 66%
3. Australia: 60%
4. Japan: 56%
5. Spain: 51%
6. France: 48%
7. Germany: 47%

• FBI in its IC3 Report 2020 said that phishing scams resulted in an annual loss of over $54 million for U.S. consumers and businesses.
• According to the Check Point Research Security Report of 2018, 59% of phishing attacks in the Americas are related to finance.
• Verizon Data Breach Investigations Report (DBIR) of 2018 said that 70% of breaches associated with nation-state or state-affiliated actors involved phishing.
• Symantec Internet Security Threat Report 2018 said that 71.4% of targeted attacks involved the use of spear-phishing emails.
• Verizon’s (DBIR) report of 2017 said that:

1. 93% of social attacks were phishing related.
2. 21% of ransomware involved social actions, such as phishing.
3. 28% of phishing attacks are targeted.