Phishing Statistics

IT Development Background
Share on facebook
Share on twitter
Share on linkedin

Phishing Statistics

  • Worldwide, 88% of organizations were targeted by spear phishing.
  • In the U.S., 65% of organizations suffered a successful phishing attack.
  • Phishing attacks, in 2018, cost on average 3.92 million dollars to the targeted organization.
  • 96% of phishing attacks are launched by email.
  • 65% of cybercriminals use spear phishing as the primary infection vector of targeted attacks.
  • 96% of phishing attacks are seeking to gather intelligence. Financial incentive is the motive for 6% of phishing attacks.
  • According to the FBI’s Internet Crime report, cybercriminals made $1.8 billion in 2019. Organizations reported only half that amount in losses.
  • In the second quarter of 2020, BEC attacks were responsible for an average loss of $80,183 per wire transfer. This is an increase from $54,000 in the first quarter.
  • Phishing attacks were present in 32% of all confirmed data breaches.
  • In 2019, human error data breaches cost an average of $3.5 million.
  • 57% of organizations reported being targeted by mobile phishing attacks.
  • In the first half of 2019, sextortion scams made $1.5million from victims.
  • 1 in 10 spear-phishing emails consists of sextortion attacks.
  • 71% of all sextortion victims are minors.
  • A new phishing site is created every 20 seconds.
  • Each month, there is1.5 million new phishing sites created.
  • Cybercrime rose 600% since the COVID-19 pandemic began.
  • Google blocked roughly 240 million COVID- related email spam messages per day in a one week period.
  • In a two week period, phishing attacks comprised 94% of coronavirus-related cyber attacks.
  • Sophisticated phishing emails are difficult to detect. 97% of users were unable to recognize one.
  • Users open 30% of phishing emails, and 12% click on the link or attachment.
  • 78% of users click on links in unsolicited emails, even though they report they are familiar with the risks.
  • 1 in every 8 employees will disclose information to a phishing site.
  • Since 2016, phishing emails that included ransomware rose to 97.25%.
  • In the first half of 2020, there were 540 data breaches documented in the U.S.
  • Phishing attacks were responsible for 22% of all data breaches in 2020.
  • 81% of all spear phishing attacks are brand impersonation scams.
  • 56% of  IT experts report that phishing attacks are their top security threat.
  • Six out of ten SMBs that are victimized by cybercrime fail within 6 months.
  • Nine out of ten phishing emails found their way past Secure Email Gateways, as reported by Cofense.

 

General Phishing Statistics

 

  • In 2020, 75% of global organizations reported being targeted by phishing attacks. (Proofpoint)
  • In the US, 74% of businesses suffered a successful phishing attack. (Proofpoint)
  • 96% of phishing attacks are launched by email. (Verizon DBIR)
  • 65% of cybercriminals use spear-phishing as the primary infection vector of targeted attacks. (Symantec)
  • Phishing attacks were present in 32% of all data breaches. ( Verizon DBIR)
  • 96% of phishing attacks are seeking to gather intelligence. The financial incentive is the motive for 6% of phishing attacks.
  • 57% of organizations reported being targeted by mobile phishing.
  • 1 in 10  spear-phishing emails involves sextortion attacks.
  • 71% of sextortion victims are minors.
  • A new phishing site is created every 20 seconds.
  • Each month,  there are 1.5 million new fishing sites created.
  • Cybercrime rose 600% since the Covid-19 pandemic began.
  • Google blocked roughly 240 million COVID- related email spam messages per day in a one-week period.
  • In a two-week period, phishing attacks comprised 94% of coronavirus-related cyber attacks.
  • Sophisticated phishing emails are difficult to detect. 97% of users were unable to recognize one.
  • Users open 30% of phishing emails, and 12% click on the link or attachment.
  • 78% of users click on links in unsolicited emails, even though they report they are familiar with the risks.
  • 1 in every 8 employees will disclose information to a phishing site.
  • Since 2016, phishing emails that included ransomware rose to 97.25%.
  • In the first half of 2020, there were 540 data breaches documented in the U.S.
  • Phishing attacks were responsible for 22% of all data breaches in 2020.
  • 81% of all spear-phishing attacks are brand impersonation scams.
  • 56% of  IT experts report that phishing attacks are their top security threat.
  • Six out of ten SMBs that are victimized by cybercrime fail within 6 months.
  • Nine out of ten phishing emails found their way past Secure Email Gateways, as reported by Cofense.

Vishing Statistics

 

  • Vishing is the use of mobile phone calls to glean personal data or money from a victim.
  • In 2017 only 3.7% of all incoming mobile calls were spam, that number increased to 30% in 2018.
  • 75% of vishing victims report that scammers had personal information which they used to impersonate legitimate companies and gain further data, which led to financial losses. (First Orion)
  • In 2018, 49% of surveyed infosec professionals reported experiencing vishing or smishing. (First Orion)
  • Only 18% of professionals surveyed understood and identified vishing accurately. (First Orion)
  • !9% of surveyed professionals had only a partial understanding of vishing. (First Orion)
  • 63%  of these professionals had no idea even what visihing is. (First Orion)

According to the 2019 Scams Trends and Projections report:

  •  39% of scammers knew the victim’s home address.
  • 1 out of 3 victims who lost $1000 or more believed they were interacting with a business they knew.
  • Scammers knew all or part of 75% of victims’ social security numbers.

Smishing Statistics and Facts

 

  • Smishing is the use of text messages in an attempt to glean information or money from a victim.
  • According to a recent Proofpoint study, only 23% of mobile phone users ages 55 or older were able to accurately identify smishing.
  • Only 34% of people aged 23 to 38 could correctly define smishing attacks. (Proofpoint)
  • In 2020, there was a 328% increase in smishing attacks. (Proofpoint)
  • In the UK, 846,000 people were targeted in a tax smishing scheme. (HMRC)
  • Smishing is the most prevalent mobile-based phishing scam with 17.3% of attacks arriving through text messages. (Wandera)

The following are common types of smishing attacks launched in 2021:

 

  • Family Emergency Scams. These attacks are used to generate panic and quick response, often claiming a family member is in the hospital or in jail. 
  • Debt Scams. Debt collecting companies have threatened or intimidated people by pretending to be lawyers or government agents. It is a law that they have to correctly identify themselves. You should never make any form of payment through text messaging.
  • Reactivation Scams. This type of scam will attempt to get you to text a phone number to reactivate an account that has supposedly been compromised. 
  • Refund Scam. You may receive a text stating that you were overcharged for some transaction and are receiving a refund. The scammer will request personal data in order to complete the refund.

 

Phishing, Smishing, and Vishing Costs

 

  • Phishing attacks, in 2018, cost on average 3.92 million dollars to the targeted organization.
  • According to the FBI’s Internet Crime Report, cybercriminals made $1.8 billion in 2019. Organizations reported only half that amount in losses.
  • In the second quarter of 2020, BEC attacks were responsible for an average loss of $80,183 per wire transfer. This is an increase from $54,000 in the first quarter.
  • In 2019, human error data breaches cost an average of $3.5 million.
  • In the first half of 2019, sextortion scams made $1.5million from victims.
  • Between June 2016 and July 2019 phishing victims in Europe lost 26 billion dollars. (European Payments Council)
 

We want to hear from you

Our team of experienced security engineers and CISO’s takes the complexity out of cybersecurity. We work with companies across a range of industries to meet cybersecurity compliance requirements and improve companies’ cybersecurity programs.

Share this post with your friends

Share on facebook
Share on google
Share on twitter
Share on linkedin