Phishing Attack Statistics

Phishing Attack Statistics: Unveiling the Latest Trends and Insights

Phishing attacks remain a persistent threat in today’s digital landscape, with a staggering 1.2% of all emails sent harboring malicious intent. This translates to approximately 3.4 billion dubious emails sent daily. By 2023, more than 33 million records are expected to be compromised through ransomware and phishing attacks at a frequency of one attack every 11 seconds.

Understanding the mechanics and impact of these pervasive cyber threats is crucial to safeguarding your valuable information. This article offers an in-depth analysis of the top phishing attack trends and statistics for 2023 to help you stay informed and vigilant in the ever-evolving digital world.

Key Takeaways

  • Phishing emails flood inboxes, with 1.2% of all emails containing malicious content.
  • By 2023, ransomware and phishing attacks will compromise 33 million records.
  • Staying informed about phishing trends and statistics is essential for protecting your data and privacy.

Top Phishing Attack Statistics of 2023

In 2023, 55% of phishing websites use well-known brand names to obtain sensitive information more easily, according to a study by F5 Labs. With regular security awareness training, 84% of organizations in the United States have managed to lower employee susceptibility to phishing attacks.

Moving to Australia, there has been a staggering 53% increase from 2021, with 92% of companies falling victim to successful phishing attacks. In terms of frequently impersonated brands, Amazon and Google lead at 13%, followed by Facebook and WhatsApp at 9%, and Netflix and Apple at 2%.

Furthermore, breaches resulting from phishing attacks rank third for the longest mean time to identify and contain, taking around 295 days as reported by IBM in 2022.

Phishing Attack Statistics 2023

Cyber Attacks Involving Phishing

Phishing attacks contribute to about 22% of all data breaches. According to the FBI’s 2021 IC3 Report, 83% of companies were subjected to phishing attacks in 2021.

Frequency of Phishing Attacks

As per Verizon’s 2022 report, 36% of data breaches involved phishing. By 2022, it was predicted that ransomware or phishing attacks would happen every 11 seconds.

Daily Phishing Email Volume

Around 1.2% of all emails sent daily are malicious, which equals approximately 3.4 billion phishing emails. For every 4,200 emails sent, one is likely a phishing scam.

Daily Spear-Phishing Attacks on Businesses

Norton statistics show that 88% of organizations experience spear-phishing attacks yearly, implying businesses are targeted nearly every day. Symantec’s 2019 Threat Report indicated that 65% of cyber-attacks occur through spear-phishing.

Annual Monetary Losses from Email Scams

Phishing was the second most common reason for data breaches, with an average cost of $4.91 million per breach. Compromised emails led to around $1.8 billion in losses, based on 19,369 complaints.

Recent Phishing Email Trends

Out of 100 million phishing emails blocked by Gmail filters, 68% were new scams. Two-thirds of these emails had no subject line. When used, common subject lines included “Fax delivery report” (9%) and “business proposal request” (6%).

Phishing’s Role in Cybercrime

IBM revealed that phishing makes up 16% of cybercrime attack vectors, with an average cost of $4.91 million per breach. According to Cofense’s Q3 2021 phishing review, 93% of modern breaches involve phishing.

Opening Phishing Emails and Malware Risk

About 30% of phishing emails are opened, which increases the risk that recipients click malicious links or download attachments containing malware or ransomware. Commonly used words in phishing emails include “important” (5.4%), “attention” (2.3%), “urgent” (8%), and “important updates” (8%).

BEC Phishing Scams in 2020-2021

The amount requested in BEC wire-transfer attacks increased from $71,000 to $106,000 between 2020 and 2021. Roughly 24% of all BEC phishing scams in 2021 targeted employee payroll deposits.

The High Cost of Phishing Attacks in 2021

Phishing attacks in 2021 were the costliest in the past 17 years, averaging around $4.6 million, as reported by IBM’s Cost of Data Breach Report.

Data Breach Costs During Remote Work

Organizations that didn’t adapt their IT to cope with the pandemic faced breaches costing $5.01 million on average. The average data breach cost during remote work was $1 million higher than before the pandemic.

Phishing Scam Percentages

  • 75% more phishing sites compared to malware sites.
  • 50% of phishing websites used SSL certificates.
  • 61% of study subjects couldn’t differentiate between real and fake Amazon login pages.
  • 10% of phishing attacks aimed to disrupt site services, 6% sought financial gain.
  • 62% of non-cybersecurity error/misuse attacks involved stolen info from phishing or brute-force attacks.
  • 96% of threat actors used spear-phishing for intelligence gathering.
  • 50% of attachments in phishing emails were Microsoft documents, like Word (39.3%), Executable (19.5%), Rich Text (14%), and Excel (8.7%).

Phishing websites often used .com domains (40%), with some hosted on other reputable domains like .org (1.8%) and .net (3%). About 32% of phishing websites utilized HTTPS in 2020 for a false sense of security.

Phishing Attack Costs

Phishing attacks have become increasingly costly, as evidenced by Facebook and Google’s $100 million loss in 2017. Some noteworthy statistics include:

  • $150 average cost per compromised record in data breaches in 2018.
  • 791,790 complaints in 2020, with over $4.1 billion in losses.
  • $2.3 million cost difference between largely compliant and non-compliant companies.
  • The US’s highest rate of costly data breaches in 2021 was $9.05 million (IBM).

COVID-19 and Phishing

The COVID-19 pandemic led to increased phishing attacks targeting those searching for pandemic-related information or financial support. Some instances include:

  • Over 450 COVID-19-related financial support scams.
  • Impersonation of authoritative bodies like the CDC and WHO to facilitate scams.
  • A 43% increase in web application-related breaches since 2019.
  • Scams have spiked by 400% since March 2020, making COVID-19 one of the largest causes of security risks ever.

Industries Often Targeted and Their Effects

1. Tech Companies

You might believe that technology-focused businesses have impeccable security systems to prevent phishing and other scams, but resource allocation can vary significantly. Tech firms must prioritize staff and company data protection.

Phishing statistics in technology:

  • 82% of CIOs think their software supply chain security is inadequate.
  • There was a 50% increase in cyberattacks per week on corporate networks globally in 2021.
  • Global losses rose by 65% between July 2019 and December 2021.
  • In 2021, businesses lost nearly 1.7 billion per minute.
  • About 80% of reported cybercrimes in the tech sector are attributed to phishing attacks.

2. Healthcare Industry

The healthcare sector, among the primary targets for phishing scams, faced heightened threats during the pandemic. Private patient information is highly valuable for identity theft, insurance fraud, etc. The transition from paper to digital storage brings additional security risks.

Phishing statistics in healthcare:

  • 90% of healthcare organizations have experienced at least one security breach in recent years.
  • Phishing and other cyberattacks increased by 75% in 2021.
  • 30% of data breaches occur in large hospitals, exposing patients’ private health information.

3. Small and Medium-sized Enterprises (SMEs)

Scammers often target SMEs instead of well-established companies with robust security. SMEs tend to have weaker security measures, making them more attractive targets. They may lack dedicated cybersecurity personnel or resources for effective protection.

Phishing statistics in SMEs:

  • Only 14% of SMEs implement a cybersecurity plan.
  • Cybercrime costs are expected to rise 15% in the next five years, reaching 10.5 trillion by 2025.
  • Small businesses account for 43% of cyberattacks annually.
  • SMEs lose an average of $25,000.
  • In addition to phishing, credential theft and stolen devices are common cyber threats to SMEs.

4. Education Sector

The education sector, a personal data hub, is highly susceptible to phishing and scams. Institutions store information such as addresses, passwords, and identification documents. Security risks extend beyond student and faculty data to include sensitive research information.

Phishing statistics in the education sector:

  • Educational institutions experienced a 75% increase in cyber-attacks.
  • Malware scams predominantly affect the education sector.
  • In terms of phishing scam protection, educational institutions rank the lowest.

Trends in Phishing Scams

1. Pandemic-Related Scams

During the COVID-19 pandemic, phishing attacks targeted victims using fake donation and financial support pages, stealing sensitive information and money. Some noteworthy statistics include:

  • About 20% of organizations experienced security breaches due to remote workers.
  • Approximately 28% of remote employees used personal devices, increasing the risk of cyberattacks.
  • Top phishing keywords in 2020 included “virus,” “corona,” “quarantine,” and “COVID.”
  • Malware such as Corona anti-locker ultimately emerged, posing various threats.
  • Roughly 2% of all malware spam was related to the pandemic.

2. Conflict in Ukraine

The conflict in Ukraine provided opportunities for scammers and attackers to exploit donation and fundraising scams. They targeted victims via emails, stealing money, cryptocurrency, and information. Some important figures on this trend are:

  • Phishing emails in Slavic languages have increased seven times since the start of the conflict.
  • Most phishing attempts involve impersonation of legitimate domains with minor, unnoticeable changes.
  • Malicious actors offered free data decryption only to deploy malware on Ukrainian systems.
  • Hacking groups attempted mass phishing attacks on military personnel’s email accounts to gather sensitive information.

3. Online Communication Platforms

Phishing attacks have also targeted users on online communication platforms such as Zoom, Slack, Microsoft Teams, and social media sites like Instagram. Some key statistics in this area are:

  • Over 50,000 Zoom account details were sold on the dark web for as little as $0.0020 per account.
  • A significant portion of online fraud (70%) occurs through mobile applications.
  • In 2019, Facebook breaches caused major data leakages.
  • Nearly 8% of social media cyberattacks involve phishing.
  • LinkedIn phishing messages make up 47% of all social media phishing attempts.

Understanding Various Phishing Attack Types

1. Targeted Phishing

In a typical phishing scenario, you might encounter unfamiliar websites or unrequested emails. These are fairly easy to recognize. However, targeted phishing (also known as spear phishing) is much more devious, as the emails appear to be personalized and might resemble websites you’ve previously visited. This makes identifying them as scams more challenging.

  • 65% of attackers prefer targeted phishing as their main attack method.
  • Nearly 71% of all targeted attacks use spear phishing.
  • In 2012, almost 90% of cyber attacks were carried out through spear phishing.

2. Credential and File Extension Phishing

Phishing schemes often use popular file extensions like .pdf, .html, and .htm, as well as well-known platforms like Google and Adobe. Credential phishing seeks to steal users’ login information from such platforms.

  • Malicious PDF files spiked in 2020, affecting more than 5 million users.
  • Fake CAPTCHAs in PDF files were employed to trick users.
  • In 2021, 52% of companies saw their credentials compromised to access sensitive information.
  • PDF files represent 14% of malicious file extensions, while others like .zip and .jar account for about 37%.

Tips to Thwart Phishing Attacks

Implement Multifactor Authentication

Using two-factor or multifactor authentication significantly reduces your vulnerability to phishing attacks. Even if a phishing attempt succeeds in capturing a password, that password alone is not enough to sign in because of the added authentication layers.

Invest in Cybersecurity Software

A robust cybersecurity software solution can detect and block phishing attempts, keeping your data and systems safe.

Train Employees

Offering regular training on secure data handling practices, phishing email recognition techniques, and device security can drastically decrease the likelihood of falling victim to a phishing scheme.

Remain Cautious with Emails

When examining suspicious emails, look for red flags such as spelling errors, urgent subject lines, and company details. Verify any previous communication from the sender and assess the trustworthiness of the email before engaging.

How Many Phishing Attacks Have Taken Place in 2023?

As of October 3, 2023, you are likely aware of the ongoing threat of phishing attacks. In this digital age, cybercriminals constantly find new ways to exploit vulnerabilities in systems and unsuspecting victims like you. While it’s difficult to provide precise numbers, it’s crucial to understand how widespread these phishing attacks have been throughout this year.

Based on industry reports, some key facts and figures include:

  • Phishing attacks: An estimated 70% increase over the previous year, affecting millions of individuals and businesses worldwide.
  • Top targeted industries: Financial services (28%), healthcare (17%), and retail (16%).
  • Perpetrators: Cybercriminal groups focusing on data breaches, ransomware, and other malicious activities.
  • Methods: Email is the most common delivery method for phishing attacks (over 90%), followed by websites and social media.

As the threat landscape evolves, you should know these phishing attack statistics and adopt effective strategies for safeguarding your personal and professional information. Stay vigilant and stay safe in the digital world.

Identifying the Phishing Attacks Aimed at Specific Users or Groups

When it comes to phishing attacks, one type specifically targets particular users or groups. This type of phishing attack is called “spear phishing.” In spear phishing, cybercriminals gather information about their intended target, such as their name, workplace, or personal interests. Using this personalized information, they craft seemingly legitimate emails, often posing as a known entity, to deceive the target into falling for the scam.

Spear phishing attacks pose a significant risk due to their tailored nature. Because these attacks are highly customized and believable, they are more successful at convincing targets to click on malicious links or share sensitive information.

Phishing attack statistics related to spear phishing:

  • Increase in attacks: The frequency of spear phishing attacks has steadily risen, with a 667% increase in reported cases from February to March 2020.
  • Targeted sectors: Certain industries, such as finance, healthcare, and technology, are more prone to spear phishing attacks due to the value of sensitive information they handle.
  • Financial losses: Spear phishing accounts for more substantial financial losses than most other types of cyber attacks, with an estimated average loss of $1.6 million per attack.

To protect against spear phishing, you can follow these steps:

  1. Verify email sources: Always double-check the sender’s email address and confirm it is from a legitimate source.
  2. Be cautious with links: Don’t click on suspicious links or download attachments from unknown senders.
  3. Educate employees: Regularly train your team to recognize and report spear phishing emails, creating a strong defense against such attacks.
  4. Implement security measures: Use multi-factor authentication, antivirus software, and email filters to prevent cybercriminals from accessing sensitive accounts.
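
The sender, link and subject checks from the steps above and from the "Remain Cautious with Emails" tip, written as an added example that is not part of the original article: it flags a sender or link domain that closely imitates a trusted one, a mismatched Reply-To, a missing subject line and urgency wording. The TRUSTED list, the 0.8 similarity cutoff and the sample message are assumptions made for illustration.

```python
import re
from difflib import get_close_matches
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organisation genuinely deals with (hypothetical list).
TRUSTED = ("amazon.com", "google.com", "example-corp.com")
# Urgency words the article lists as common in phishing emails.
URGENT = ("urgent", "important", "attention")

def lookalike_of(host):
    """Return the trusted domain that `host` imitates, or None if it does not."""
    base = ".".join(host.lower().split(".")[-2:])  # naive: ignores suffixes like co.uk
    if base in TRUSTED:
        return None
    close = get_close_matches(base, TRUSTED, n=1, cutoff=0.8)  # cutoff is an assumption
    return close[0] if close else None

def domain_of(header_value):
    """Extract the lower-cased domain from an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    """List the red flags found in one raw, single-part, plain-text message."""
    msg = message_from_string(raw)
    flags = []
    sender = domain_of(msg["From"])
    if good := lookalike_of(sender):
        flags.append(f"sender domain {sender} imitates {good}")
    reply = domain_of(msg["Reply-To"])
    if reply and reply != sender:
        flags.append(f"Reply-To domain {reply} differs from sender domain")
    subject = (msg["Subject"] or "").lower().strip()
    if not subject:
        flags.append("no subject line")
    elif any(word in subject for word in URGENT):
        flags.append("urgency wording in subject")
    body = "" if msg.is_multipart() else msg.get_payload()
    for host in re.findall(r"https?://([^/\s:]+)", body):
        if good := lookalike_of(host):
            flags.append(f"link host {host} imitates {good}")
    return flags

# Constructed sample message, not a real email.
SAMPLE = """From: Amazon Support <help@arnazon.com>
Reply-To: billing@mail-collect.example
Subject: URGENT: verify your account

Sign in at http://arnazon.com/login to avoid suspension.
"""

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A message with several flags is a candidate for reporting rather than proof of phishing; an empty list only means none of these particular checks fired.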

By learning about spear phishing and applying these protective measures, you can reduce the risk of falling victim to this targeted phishing attack.

Wrapping Up

The landscape of cybersecurity is continuously evolving, and understanding the statistics and facts related to its risks – such as phishing and other scams – is essential. In this article, we’ve examined the phishing attack statistics for 2023, the primary sectors affected by these attacks, and the latest trends in phishing.

Quick Facts:

  • Spear-phishing is a type of phishing attack that targets specific users or groups with tailored content to entice them. This method is chosen by 65% of attackers as their preferred approach.
  • In 2022, there were approximately 255 million phishing attacks, representing a 61% increase in the rate of phishing attacks compared with 2021, according to a report by VentureBeat.

By staying informed and vigilant, you can better protect yourself and your organization from these ever-changing cybersecurity threats. Knowledge is power, and staying up-to-date on the latest trends and figures in cybersecurity can make a significant difference in staying one step ahead of attackers.