The Latest Phishing Statistics (updated June 2024) | AAG IT Support (2024)

Headline Phishing Statistics

• Phishing is the most common form of cyber crime, with an estimated 3.4 billion spam emails sent every day.
• The use of stolen credentials is the most common cause of data breaches.
• Google blocks around 100 million phishing emails daily.
• Over 48% of emails sent in 2022 were spam.
• Over a fifth of phishing emails originate from Russia.
• Millennials and Gen-Z internet users are most likely to fall victim to phishing attacks.
• 83% of UK businesses that suffered a cyber attack in 2022 reported the attack type as phishing.
• Phishing was the most common attack type against Asian organisations in 2021.
• The average cost of a data breach against an organisation is more than $4 million.
• One whaling attack costs a business $47 million.

Phishing Overview

Phishing is a type of cyber crime whereby cyber criminals send spam messages containing malicious links, designed to get targets to either download malware or follow links to spoof websites. These messages were traditionally emails, but have since been employed through texts, social media and phone calls.

Phishing remains the most common form of cyber crime. Of UK businesses that suffered a cyber attack in 2022, 83% say the attack was phishing.

Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were a victim of cyber crime fell for a phishing attack. This is despite Google’s cyber security measures blocking 99.9% of phishing attempts from reaching users.

With an average of $136 lost per phishing attack, this amounts to $44.2 million stolen by cyber criminals through phishing attacks in 2021.

Phishing attacks largely target victims through emails. In 2021, there was a global average of 16.5 leaked emails per 100 internet users. These breached databases are sold on black marketplaces on the dark web, meaning cyber criminals can purchase them and use the addresses in phishing attacks.

2021 saw nearly 1 billion emails exposed, affecting 1 in 5 internet users. This may partly explain the continued prevalence of phishing attacks.

It is more important than ever for businesses to take cyber security seriously, particularly in heavily regulated industries such as financial services companies and law firms.

A 2019 study highlighted that spear phishing was the most popular avenue for attack for cyber criminals. These phishing campaigns were used by 65% of all known groups. The primary motive for these attacks was overwhelmingly intelligence gathering, with 96% of groups using targeted attacks for this reason.

In 2022, the most common URL included in phishing emails links to websites with the ‘.com’ domain, at 54%. The next most common domain is ‘.net’ at less than 8.9%. The most common domain names with ‘.com’ for Q2 2022 are:

• Adobe
• Google
• Myportfolio
• Backblazeb2
• Weebly

The risk that phishing poses is clear. A data breach that exposes 10 million records costs businesses $50 million on average. An attack that compromises 50 million records can cost as much as $392 million.

The growing cost-of-living crises experienced by economies globally are providing fertile ground for cyber criminals to launch phishing campaigns. In the UK, scammers impersonated the energy regulator Ofgem in their attempts to harvest financial information. In response, Ofgem contacted all UK energy suppliers and asked them to update their websites with information advising customers what actions to take if they encounter a scam.

Phishing trends 2023

LinkedIn

LinkedIn is used by more than 850 million people across more than 200 countries and regions. With so many people using the platform, it is the perfect target foremail phishing attacks.

In Q1 of 2021, phishing emails using LinkedIn as cover were the most clicked-on social media mail, at 42%, ahead of Facebook at 20% and Twitter at 9%.

New starters that have changed their job status on LinkedIn are a key target. The criminals impersonate senior staff in their attempts to obtain personal information. Others will request employees to buy gift vouchers, such as those for iTunes, or call a given number to discuss important requirements for the job.

Since 2021, LinkedIn remains a major target for cyber criminals. In Q1 2022, LinkedIn was the most imitated brand globally, with 52% of identified phishing attacks purporting to be the platform.

Greater variance in attacks

A 2022 report on cyber crime rates highlights that cyber criminals are sending more emails in their campaigns. Of 1400 organisations surveyed, 80% believed it was likely they would suffer from an email-based cyber attack.

79% reported an increase in the number of emails their organisation was receiving, including 33% who said they were receiving significantly more than in previous years. What is especially worrying is that 96% reported at least one phishing attack in the last year, with 52% believing these threats to be more sophisticated.

The increasing volume of phishing emails increases the likelihood of a successful attack. 92% responded that at least one business email had been compromised. 93% had experienced data leaks due to carelessness, negligence or compromised employee credentials.

The link between phishing and ransomware

The latest cyber security systems, such as SIEM, are able to proactively scan networks for signs of intrusion. As such, cyber criminals are developing increasingly sophisticated methods of delivery for malware.

Phishing is the main delivery method for ransomware. A 2022 study of 1400 organisations found that of the 26% that had experienced a ‘significant’ increase in the number of email threats received in the last year, 88% were victimised by ransomware. Compared with the 65% that experienced ransomware without such an increase in the number of email threats, we can see the dangerous link between these two attack types.

Phishing was a primary delivery method for the notorious REvil ransomware. IBM’s X-Force observed that REvil incidents in 2021 often started with a ‘QakBot’ phishing email. This email would have a short message pertaining to unpaid invoices or something similar, and in some instances, hackers would hijack ongoing conversations to insert a malicious link.

When opened, the target would be instructed to unknowingly enable the QakBot banking trojan to be dropped into a system. REvil threat actors could then take command of the operation, conducting reconnaissance and attempting to compromise data.

For an in-depth overview of current ransomware risks and trends, read our Ransomware Statistics Guide. Or check out our Guide to Outsourcing IT for an in-depth service overview.

Global Phishing Statistics

• Google blocks around 100 million phishing emails every day.
• For Q1 2022, LinkedIn was the most imitated brand for phishing attempts globally. The top 5 most imitated brands in Q1 2022 were:
  • LinkedIn (52%)
  • DHL (14%)
  • Google (7%)
  • Microsoft (6%)
  • FedEx (6%)
• 45.56% of emails sent in 2021 were spam.
  • June 2021 had the highest percentage of spam emails sent, at 48.03%.
  • November 2021 had the lowest percentage of spam emails sent, at 43.7%.
• 24.77% of spam emails were sent from Russia. A further 14.12% of spam emails were sent from Germany. The top 5 origin countries for spam emails in 2021 were:
  • Russia (24.77%)
  • Germany (14.12%)
  • USA (10.46%)
  • China (8.73%)
  • Netherlands (4.75%)
• The most prevalent malware links found in phishing emails in 2021 were Trojans from the ‘Agensla’ family. These steal login credentials stored in browsers and credentials from emails.
• Phishing is considered the most disruptive form of cyber crime for UK businesses in 2022, tied with threat actors impersonating the organisation online.
• Millennials and Gen-Z internet users (18-40 year olds) are most likely to fall victim to phishing attacks – 23% compared to 19% of Generation X internet users (41-55 year olds).
• 90% of phishing attacks sent via messaging apps are sent through WhatsApp. The next highest percentage is Telegram, with 5.04%.
• Kaspersky detected 469 different ‘phishing kits’ in 2021. The cyber security vendor blocked 1.2 million phishing pages.
• In 2021, the average click rate for a phishing campaign was 17.8%. Phishing campaigns that were more targeted and added phone calls had an average click rate of 53.2% – 3 times more effective.
• A security scan of millions of emails found that of those that contained security threats:
  • 12% delivered malware
  • 6% were compromised business emails or CEO fraud
  • Of the credential phishing emails, 45% purported to be from Microsoft
  • A further 17% were finance-themed
  • 9.3% of the reported messages were malicious
  • Of this 9.3%, 38% just had a URL, while 36% had attachments
  • 100 unique malware families were discovered in the email scan
• Phishing was the top infection type at Asian organisations in 2021, with 43% of attacks in the continent. This is tied with vulnerability exploitation, and ahead of brute force attacks (7%) and the use of stolen credentials (7%).
• Phishing was also prevalent in European organisations through 2021, with 42% of attacks. This was just less than vulnerability exploitation (46%) and ahead of brute force attacks (12%).
• In North America, phishing was used in 47% of attacks against organisations in 2021, more than vulnerability exploitation (29%) and brute force (9%).
• In Latin America in 2021, phishing was also used in 47% of attacks against organisations, ahead of stolen credentials (29%) and vulnerability exploitation (18%).
• 40% of cyber attacks in 2021 against businesses in the manufacturing industry involved phishing.
  • For businesses in the finance industry, this percentage rises to 46% – phishing was the most common infection vector for cyber attacks in finance.
  • In the energy industry, 60% of attacks involved phishing.
  • 20% of cyber attacks against professional and business services (including law firms, accountants and architects) involved phishing in 2021.
  • Phishing was also the most common infection vector in the retail industry in 2021, with hackers using this method in 38% of attacks against businesses in this industry.
• In the UK, those aged 25-44 are considered the most likely to be targeted by phishing attempts.
• There has been a 57% increase in consumer and retail fraud from March 2020 to March 2022.
  • In 2022, 4.8% of fraud in the UK was related to Coronavirus. Scams included fraudsters sending emails or texts informing targets they needed to set up their next Covid jab – usually providing a link that would then tell them to enter their card details for an admin fee or to pay for the jab.
• In 2021 in the UK, there were a total of 8023 reports of social media hacking – a 23.5% increase from the previous year.
• The US IC3 department received reports from 24,299 victims of romance scams and confidence fraud in 2021. This amounted to more than $956 million lost.
  • The largest proportion of victims were those over 60 – 32% of the total.
  • 16% were aged between 50-59.
  • Just 2% were under 20.
• Sextortion was also a prevalent issue in 2021 in the US. Sextortion occurs when someone threatens to release sensitive photos, videos or information involving sexual acts if their demands are not met.
  • The IC3 department received more than 18,000 complaints in 2021 relating to sextortion. Victim losses amounted to more than $13.6 million.
• In 2021, around $100 million was lost in Canada due to online fraud.
• The most common online scams in Canada involve romance, accounting for $42.2 million of money lost, and investments.
• 34% of Canadians received phishing emails in the first 6 months of the pandemic.
• In 2021, the rate of identity theft in Canada was 18.76 per 100,000 of the population. This was a decrease over the 10-year high of 2020 (19.4 per 100,000), but was still higher than 2010-2019, where the rate ranged from 2.37 (in 2010) to 12.58 (in 2019).
• 14% of victims of business email compromise attacks in the US recovered none of their financial losses.
• 35% of breaches in the US involved social engineering in 2021.
• In 2022, 48.63% of all emails globally were spam.
  • However, over the course of 2022 the share of spam in global email traffic declined from 51.02% in Q1 to 46.16% in Q4.
  • February saw the highest percentage of spam in email traffic in 2022 at 52.78%.
  • December had the lowest percentage of spam sent, with 45.2% of emails considered spam.
• The US-based IC3 received 300,497 reports from victims of phishing in 2022.
• Business Email Compromise attacks cost US victims more than $2.7 billion in 2022.
• Between 2020 and 2021, cyber crime increased by 168% in the Asia-Pacific region, including phishing and zero-day attacks.
• Phishing incidents rose by 220% compared to annual averages at the height of the Covid-19 pandemic.
• Phishing is the most common form of attack against UK law firms – in 2016, 80% of surveyed law firms reported suffering phishing attempts.
  • The amounts stolen through phishing in the first quarter of 2017 were up 300% compared to the previous year.
• An average of 1.4 million phishing sites are created every month.
• Younger workers are five times more likely to make mistakes that result in security issues.
• A third of workers rarely think about cyber security when at work.
• 43% of people have compromised their work’s cyber security while working.
• Between 2022-2023, 79% of UK businesses that suffered a cyber attack reported that the attack type was phishing.
  • 31% identified others impersonating the organisation in emails or online as the attack vector.
• 83% of UK charities that suffered a cyber attack between 2022-2023 identified phishing as the attack type.

Notable Phishing Attacks

2015 FACC Whaling Attack

In late 2015 FACC, an. aerospace company specialising in aircraft components and systems, lost $47 million after a successful ‘whaling’ attack. In this case, the hackers impersonated the CEO of FACC to get an employee to send money.

Cyber criminals posed as FACC CEO Walter Stephen, sending an email to another employee requesting the transfer of funds for an ‘acquisition project’. The phishing attack was successful as the hackers managed to replicate Stephen’s writing style, lending legitimacy to the message so the unsuspecting employee would comply.

The attack was made public in early 2016, when FACC admitted the monetary loss and announced the immediate departure of the CEO. The employee who transferred the funds was also fired, along with the CFO of the company.

FACC managed to block around 10.9 million euros ($11.2 million) from being transferred, but the majority of the funds were sent to the fraudsters. This contributed to FACC recording losses of 23.4 million euros ($24 million) for the 2015/16 financial year.

2014 Sony Pictures Phishing Attack

The infamous 2014 Sony cyber attack saw up to 100 terabytes of data leaked from the entertainment giant, as well as extensive damage to servers and operational capacity.

While malware was used to exfiltrate the data and wipe Sony’s servers, initial access was granted through phishing emails sent to Sony executives. These emails asked for account verification, linking them to malicious sites that, when they entered their details, sent the executives’ usernames and passwords to the hackers.

The hacking group, called ‘The Guardians of Peace’ or ‘Lazarus’, were then able to access and steal information relating to employees, data on then-unreleased films and private correspondence.

The hackers claimed to have stolen 100 terabytes of data, but this has never been verified – around 40 gigabytes appeared online after the attack. The attack caused major damage to Sony’s internal systems. In the first quarter of 2015, the company set aside $15 million to deal with ongoing issues relating to the attack. In total, the attack cost Sony an estimated $100 million to resolve.

2021 Colonial Pipeline attack

The 2021 Colonial Pipeline attack was a massive cyber attack that temporarily shut down gasoline distribution across the east coast of the USA. This prompted a state of emergency to be declared in 18 states to avoid crippling shortages.

While most of the damage was caused by a ransomware attack that locked systems, the hackers gained entry to the network through a compromised password. The hackers were likely able to get this password through phishing or social engineering.

According to Colonial Pipeline Chief Executive Joseph Blount, the legacy account linked to this password did not have multifactor authentication in place, meaning there was no second step in place to ensure the person entering the password was authorised.

As such, Colonial Pipeline was forced to pay around $4.4 million to the hackers to regain control of their systems.

What is phishing?

Phishing is the most common form of cyber crime. Phishing attacks are usually emails, where the cyber criminal poses as an organisation or charity to elicit a second action, such as clicking on malicious email attachments or following a link to a spoof website.

Phishing attacks are often the entry point for cyber criminals to launch more serious security breaches. As such, it is crucial that individuals and employees learn to spot a phishing email to avoid potential security incidents.

Is phishing the most common cyber attack?

Yes, phishing is the most common form of cyber crime. An estimated 3.4 billion phishing emails are sent every day.

What is spear phishing?

Spear phishing emails are a targeted form of phishing. Cyber criminals already have some information about the target, such as their name, place of employment or job title. This allows the criminal to create more authentic-sounding messages to trick the target.

What type of phishing attack targets specific users?

‘Spear phishing’ is a type of phishing attack that targets specific users.

What type of phishing attack targets groups?

Most types of phishing will target groups of people, using email addresses or telephone numbers taken from breached databases.

What are the types of phishing attacks?

Email phishing: The most common type of phishing attack. Cyber criminals impersonate companies or charities in an email, directing potential victims to click a link and enter personal information or pay for something. Any data entered can be seen by the cyber criminals, including passwords.

Spear phishing: A targeted form of email phishing, where personal information is used to craft more genuine-sounding messages.

Whaling: A form of spear phishing, whaling is where cyber criminals target senior executives and high-ranking managers. These messages convey a sense of urgency, usually to transfer funds quickly.

Smishing: Cyber criminals send text messages posing as a company or charity. These messages work much the same way as email phishing.

Vishing: Cyber criminals call their targets and attempt to get them to give information, such as account credentials or credit card details, over the phone.

Angler phishing: Cyber criminals use social media to get information, to get targets to visit a fake website or download malware.

How many phishing emails are sent daily?

3.4 billion.

While it would be impossible to get a definitive answer, it’s estimated that 3.4 billion phishing emails are sent globally every day.

How common are phishing attacks?

Over half of the victims of cyber crime globally were victims of phishing scams in 2021.

Phishing is the most common form of cyber crime. More than half of those affected by cyber crime fall victim to phishing. For businesses, this number is even higher; 83% of UK businesses that suffered a cyber attack in 2022 said they were the victim of phishing.

What is the difference between phishing and blagging?

Blagging: Blagging messages are targeted attacks where the hacker makes up a story to try and get money or information out of the target. For instance, the target may receive an email from a ‘friend’, who needs money.

Phishing: Phishing messages are more general, usually sent in the form of malicious emails to addresses gained from a breached database. The hacker will pose as a business or charity, but the end result is the same as blagging; the hacker attempts to get the target to send money or enter information on phishing sites.

Why is phishing still successful?

In general, cyber attacks are becoming more dangerous as criminals develop more sophisticated methods of breaching defences. This is why phishing is still successful and dangerous.

New types of phishing attacks can be rented to criminals on a subscription basis, such as ‘EvilProxy’. EvilProxy can bypass multi-factor authentication, heightening the risk of data breaches even with robust security systems in place.

Phishing emails have caused what percentage of data breaches?

79%.

79% of UK businesses that suffered a cyber attack in 2023 identified phishing as the cause.

How many businesses are targeted by spear-phishing attacks each day?

It’s impossible to estimate the number of businesses targeted by spear-phishing attacks each day.

However, phishing is the most common form of cyber crime (79% of UK businesses that suffered an attack in 2023 reported the cause as phishing) and 3.4 billion phishing emails are sent daily – it’s likely many businesses that suffer attempted spear-phishing attacks.

In addition, 65% of known hacking groups in 2019 were using spear phishing campaigns, with 96% using targeted attacks for intelligence-gathering purposes.

Phishing attacks are part of what percentage of cyber attacks?

79% of cyber attacks against UK businesses were identified as phishing.

What percentage of cyber security incidents start with an employee getting phished?

91% of cyber attacks begin with a phishing email to a victim.

Sources

Google, Surfshark, UK government, ISTR, Cofense, Mimecast, LinkedIn, Bulletproof, Check Point, IBM, Kaspersky, AtlasVPN, NCSC, IT Governance, Reuters, Wired, Office for National Statistics, IC3, Statista, Canadian Anti-Fraud Centre, Statistics Canada, Valimail, Verizon, F5 Labs, Law Society, Tessian, Webroot, Deloitte