100+ Phishing Attack Statistics You Should Know
Ayush Saxena
Jan 03, 2025
Phishing attacks have become a menacing threat in today’s digital landscape, jeopardizing the security and privacy of organizations and individuals alike. Understanding the scope and impact of these threats is critical for avoiding potentially debilitating financial loss and for implementing effective cybersecurity measures.
Here we analyze the impact of phishing attacks globally:
- Nearly 1 billion emails were exposed in 2021, affecting 1 in 5 internet users.
- Nearly 1.2% of all emails sent are malicious, which translates to 3.4 billion phishing emails daily.
- Over 33 million records are expected to be extorted through phishing or ransomware attacks by 2024.
- A data breach that affects 10 million records costs businesses $50 million, and for 50 million compromised records, the cost can be as high as $392 million.
Phishing statistics can serve as a reliable visual of the real threat behind phishing attacks. With disparate sources online, we’ve put together data about the overall impact of phishing attacks.
Phishing Statistics Highlights
In 2022, in the US alone, phishing attacks led to a compromise of 300,497 accounts with a loss amounting to $52,089,159. Here are some other phishing statistics highlights:
- 36% of all data breaches in the US are caused by phishing attacks.
- Each year, 83% of all organizations experience a phishing attack.
- There was a 345% increase in unique phishing sites between 2020 and 2021.
- $4.91 million is the average cost of each phishing attack for corporations.
Top Phishing Attack Statistics 2024
Keeping up to date with the latest phishing attack statistics helps you keep up with the ever-changing world of cybersecurity. Here are the most eye-opening phishing attack statistics you should know in 2024.
- When it contains familiar branding, 44% of people think an email is safe, but cybercriminals in 2022 exploited Microsoft products or branding in over 30 million malicious messages.
- There was a significant increase in telephone-oriented attack delivery attempts, with 300-400K made per day and a peak of 600K per day in August 2022.
- Direct financial loss in 2022 increased by 76% from successful phishing attacks.
- 75 million threats were blocked by user reporting, approximately 1 in 10
- 55% of phishing websites make use of targeted brand names, as per the F5 Labs Phishing and Fraud Report of 2020, to capture sensitive information with ease.
- As per 84% of US-based organizations, conducting regular security awareness training has reduced the rate at which working employees fall prey to phishing attacks.
- 92% of Australian companies were breached by a successful phishing attack, a 53% rise from the year 2021.
- Highly impersonated brands used for phishing are Google and Amazon at 13%, WhatsApp and Facebook at 9%, and Apple and Netflix at 2%.
- As per IBM’s 2022 Data Breach Report, breaches spawned by phishing took the third longest mean time to identify and rectify at 295 days.
- As per IBM’s 2022 Cost of Data Breach Report, the use of compromised or stolen credentials is the most recurrent cause of data breaches. In 19% of breaches this year, they were the primary attack vector – a small drop from 20% in 2021.
- At 16% and costing $4.91m, phishing is the second most common cause of breaches.
Phishing Attacks Projections
Based on phishing statistics from the last year, we can expect a rise in a couple of key trends as we move into 2024. Here are some phishing attack projections for the year 2024.
Attacks will increase in sophistication
As per Zscaler’s ThreatLabz 2023 Phishing Report, the rapid proliferation of AI-powered software will lead to undetectable phishing attempts as AI-generation tools move closer to generating more authentic human-sounding material.
AI tools like ChatGPT can create polymorphic malware or other malicious code as well as fake login pages with minimal input or coding expertise from the user.
There will be more focused efforts on targeted ransomware
As per Kaspersky, cybercriminals will focus on landing one big payment from major corporations rather than a number of small payments from random targets. It predicts that rapid diversification will be a key practice in hacking into IoT devices like cars, smartwatches, and TVs.
An increase in TrickBot activity
As per Cofense, 2024 will see emerging trends in delivery methods for TrickBot, with organizations likely to be increasingly targeted by campaigns using CHM and LNK downloaders.
New commodity downloaders are expected
As per Cofense, citing high prices for the malware downloaders currently available in the market, there will be an emergence of a new, much more affordable malware downloader that could lead to severe repercussions in the phishing landscape.
Phishing Attacks Trends
Current events heavily influence the methods hackers employ to breach data. Here are a few key trends in phishing attacks in 2024:
War In Ukraine
Scammers and other malicious attackers are taking advantage of the war in Ukraine through donation and fundraising scams. Email subject lines such as “Donate to save children of Ukraine” are used to target victims. Not only money but also information and cryptocurrency are stolen as part of this trend.
Ukraine war-related phishing statistics:
- A 7-fold increase in phishing emails in Slavic languages was noticed since the onset of the war.
- Most phishing attempts impersonated legitimate domains, altering only a few barely noticeable components.
- Malware was placed on Ukrainian systems to wipe them under the pretext of free data decryption.
- In a mass phishing attack, hacking groups attempted to hack military personnel’s email accounts; successfully compromised accounts were used to collect confidential information and send further fake emails.
COVID-19
With the onset of the pandemic, a slew of phishing attacks targeting innocent users was noticed. These attacks used financial support pages as well as fake claims of payments or donations, all to access sensitive information from users and extort money.
COVID-19-specific statistics:
- 20% of organizations in the online working scenario suffered a security breach because of their remote setup.
- 28% of employees who work remotely admitted to the use of personal devices for work instead of using office-issued devices, thus creating a huge attack surface area for potential cyberattacks.
- In 2020, a few of the top COVID-19-related phishing keywords were virus, quarantine, corona, and COVID.
- During the pandemic, data-stealing malware such as Corona anti-locker ultimate and a variety of other threats were observed.
- The pandemic was the cause of nearly 2% of all malware spam.
Online Communication Platforms
Recent trends have also shown a rise in phishing attacks targeted at online communication platforms like Zoom, Microsoft Teams, Slack, and more. Another emerging trend is the use of social media platforms like Instagram, often through messages from strangers, leading to account compromise by malicious attackers.
A few cyber attack statistics for communication platforms are:
- For as little as $0.0020 per account, 50,000 Zoom account details were auctioned off on the dark web.
- Mobile applications are the cause of 70% of online fraud.
- In 2019, data leakages were majorly caused by Facebook breaches.
- Phishing is the cause of nearly 8% of social media cyberattacks.
- 47% of all social media phishing attempts are caused by LinkedIn phishing messages.
Notable Incidents
Phishing attacks are one of the major causes of data breaches. They are aimed at exploiting human errors. Some of the largest phishing-related incidents are:
Russia/Ukraine hacking
Russia has aggressively pursued digital attacks as part of its ongoing war with Ukraine. These attacks have caused blackouts, stolen data, and released malware. In response, Ukraine has been causing massive data breaches via custom malware.
Lapsus$ extortion
The group Lapsus$, relying largely on phishing, went on a hacking spree at the beginning of this year. It has been stealing sensitive and valuable data from some of the biggest organizations in the world – including Samsung, Ubisoft, Microsoft, and Nvidia – before releasing it for money-making purposes.
Conti paralyzes Costa Rica
Costa Rica’s Ministry of Finance was attacked by another gang named Conti, which crippled the nation’s import and export businesses. The issue was declared a ‘national emergency,’ and this cyberattack has since cost Costa Rica millions of dollars.
2021 Colonial Pipeline attack
The 2021 Colonial Pipeline attack was a massive cyber attack that temporarily shut down gasoline distribution across the east coast of the USA. To avoid crippling shortages, a state of emergency was declared in 18 states, and a ransom of $4.4 million was demanded to regain control of the systems.
2015 FACC Whaling Attack
In late 2015, the aerospace company FACC lost $47 million after a successful ‘whaling’ attack in which the hackers impersonated FACC’s CEO, Walter Stephan, to get an employee to send money for an ‘acquisition project.’
2014 Sony Pictures Phishing Attack
Up to 100 terabytes of data leaked in the infamous 2014 Sony cyber attack, as