Top 13 Phishing Attack Statistics in 2023

Phishing, a persistent cyber-security threat, still needs our attention despite growing complacency risks. In this blog, we’ve collected all the phishing statistics from various sources and presented them in an easy-to-understand way.

Google fights off 100 million phishing emails each day. In 2022, over 48% of emails were spam, with one in five phishing attacks hailing from Russia. Also, younger users like millennial’s and Gen-Z are more prone to phishing scams, highlighting the need for ongoing awareness and protection.

Top Phishing Attack Statistics 2023

92% of companies faced phishing attacks in 2022
Phishing is the most common type of scam reported to the FBI
97% of people can’t identify phishing emails
One in every 99 emails is a phishing attack
30% of phishing messages are opened
52% of worldwide phishing attacks target LinkedIn
87.2% of the time, ChatGPT detected phishing links accurately
27.7% of phishing attacks worldwide targeted financial institutions
29.82% of global spam e-mails originated from IPs in Russia
Approximately 3.4 billion spam emails are sent daily with over 48% of all emails being spam
90% of phishing attacks are sent via WhatsApp
Almost half of the phishing email attachments received are in the form of Microsoft documents
Email-based phishing attacks Increased by 464% In 1st Half of 2023

92% Of Companies Faced Phishing Attacks In 2022

Domain Type	Percentage (%)
.com	54
.net	9
Other	37

92% of organizations have fallen victim to phishing attacks in 2022. This accounts for the 29% increase in phishing incidents from 2021. Over 21 million phishing attempts were detected in 2021 and in 2022 over 48% of emails were spam, nearing 15 million.[1]

In 2022, URLs in phishing emails, over 54%, were directed to sites with a ‘.com‘ domain. Following that, the ‘.net‘ domain was the next popular choice, making up just under 9%.

The most common domain names with ‘.com’ for the second quarter of 2022 are Adobe, Google, MyPortfolio, Backblazeb2, and Weebly.[2]

Phishing Is The Most Common Type Of Scam Reported To The FBI

According to the FBI’s 2022 Internet Crime Complaint Center (IC3) report [3], there were a total of 800,944 phishing scams reported complaints in 2022, resulting in losses exceeding $10.3 billion. People aged 30-39 reported the most incidents, but those aged 60 and older suffered the greatest financial losses.

The top reported incidents in 2022 included phishing, personal data breaches, and non-payment/non-delivery. Although phishing ranked first.

In state rankings, Illinois had the 5th highest number of victims (14,786) and the 7th highest victim dollar loss ($266.7 million). The most significant financial losses in Illinois were due to the Business Email Compromise (BEC), followed by investment fraud and tech support scams.

97% Of People Cannot Identify Phishing Emails

An Intel Security Quiz reveals that 97% of people around the globe are unable to identify a sophisticated phishing email so cyber criminals are still successfully tricking people into giving away personal information or downloading malware.[4]

Four key identifiers of a phishing email:

URL in the email doesn’t match the business or individual
The email address and sender don’t line up
Spelling and grammar mistakes
Requests personal information

One In Every 99 Emails Is A Phishing Attack

Phishing Email Type	Percentage
Malware	50.6%
Login Credential Theft	41.0%
Extortion Attempts	8.0%
Spearphishing Attempts	0.4%

In a study analyzing 55.5 million emails, it was discovered that one in every 99 emails is a phishing attack. 25% of these phishing attempts manage to get past the default security measures in Office 365. These cloud-based attacks take advantage of the connected nature of cloud email to potentially access other accounts, like cloud file sharing or HR systems.

Out of the examined phishing emails, 50.6% contained malware, about 41% aimed to steal login details, 8% were extortion attempts, and a small fraction, 0.4%, were spearphishing attempts.[5]

30% Of Phishing Messages Are Opened

Phishing Email Word	Percentage
urgent	8%
important updates	8%
important	5.4%
attention	2.3%

Nearly 30 % of phishing emails are opened increasing the chances of opening or downloading from malicious links that contain ransomware or malware. The most commonly used words for phishing e-mails are urgent(8%), important updates(8%), important(5.4%) and attention(2.3%).

Phishers are now using tools like ChatGPT, moving beyond just email phishing. They are creating more convincing phishing emails with language that matches the target organization.[11]

52% Of Worldwide Phishing Attacks Target LinkedIn

The Top 5 Most Imitated Brands In Quarter 1 Of 2022 Were:

Source	Percentage
LinkedIn	52%
DHL	14%
Google	7%
Microsoft	6%
FedEx	6%

LinkedIn, with its wide user base of over 850 million people from over 200 regions, is a prime target for email phishing scams. In early 2021, 42% of clicked phishing emails pretended to be from LinkedIn, making it the top clicked social media mail, followed by Facebook and Twitter.

Hackers often target individuals who’ve recently changed jobs on LinkedIn, impersonating higher-ups to get personal info or tricking them into buying gift cards. Since 2021, phishing scams using LinkedIn’s name have been rampant, and by early 2022, LinkedIn became the most imitated brand in phishing attacks globally, with 52% of such attacks pretending to be LinkedIn.[2]

87.2% Of The Time, ChatGPT Detected Phishing Links Accurately

Securelist found that ChatGPT-3 was good at catching phishing links and detecting phishing links 87.2% of the time, but it also made mistakes 23.2% of the time.[6]

Zscaler’s 2023 Phishing Report reveals that AI tools like ChatGPT can easily make fake login pages and even craft tricky malicious software. But on the flip side, the same AI tools like ChatGPT can be used to catch phishing links. However, it’s not perfect yet.[7]

According to a report by Network Assured reveals that ChatGPT is already Involved in data leaks, phishing scams, and malware Infections. There’s a 135% increase in novel phishing attacks and hackers are now using tools like ChatGPT to create more convincing phishing emails using sophisticated language.[8]

27.7% Percent Of Phishing Attacks Worldwide Targeted Financial Institutions

Sectors	Percentage
Financial Institution	27.7%
SaaS/Webmail	17.7%
Social Media	10.4%
Logistics/Shipping	9.0%
Payment	6.0%
E-Commerce/Retail	5.6%
Telecom	3.1%
Cryptocurrency	2.3%
Other	18.2%

According to the “Phishing Activity Trends Report Q4 2022”[14] survey conducted by APWG, in the last part of 2022, 27.7% of phishing attacks worldwide were directed at financial institutions. Furthermore, web-based software services and webmail accounted for nearly 17.7% of these attacks, while social media platforms followed closely with approximately 10.4% of all recorded phishing attempts during that period.[12]

Unfortunately, AWPG doesn’t say what was included in its “Other category”, but according to “Phishing statistics and facts for 2019–2023 by Comparitech,[5] it could include:

Streaming services
Online gaming accounts
Subscription platforms like Patreon, Onlyfans, etc
Reward program accounts
GitHub accounts

29.82% Of Global Spam E-Mails Originated From IPs In Russia

Country	Percentage
Russia	29.82%
China	14.00%
United States	10.71%
Germany	5.19%
Netherlands	3.70%
Japan	3.25%
Brazil	3.18%
Great Britain	2.44%
France	2.27%
India	1.82%

According to a study by Statista, In 2022, Russia ranked first by its share of unsolicited spam e-mails. Overall, 29.82% of global spam e-mails originated from IPs in Russia. China ranked second, with 14%. The United States followed, accounting for over 10.71% of global unsolicited spam e-mails during the measured period.[13]

Approximately 3.4 Billion Spam Emails Are Sent Daily – Over 48% Of All Emails Are Spam

There are an estimated 3.4 billion spam emails sent out every day. Google, which is also one of the biggest email service providers in the world, blocks around 100 million phishing emails daily. Statistics also show that over 48% of emails sent in 2022 were spam.[2]

90% Of Phishing Attacks Are Sent Via WhatsApp

Out of all phishing attacks in messaging apps, 90% occur on WhatsApp, while Telegram is the next highest at 5.04%.[9]

Almost Half Of The phishing E-mail Attachments Received Are In The Form Of Microsoft Documents

File Type	Percentage
Word	39.3%
Executable	19.5%
Rich Text	14%
Excel	8.7%

Phishing attacks often come in the form of email attachments, disguised as harmless Microsoft documents. These attachments may appear to be Word documents, Excel spreadsheets, or Rich Text files but could contain malicious code.

Once opened, they may execute unwanted actions, like downloading malware onto your system. Therefore, it’s crucial to avoid opening unexpected attachments, even if they look like ordinary documents, to protect your computer and personal information.[11]

Email-Based Phishing Attacks Increased By 464% In 1st Half Of 2023

In the initial half of 2023, email phishing attacks increased by 464% compared to the previous year, according to Acronis, a global leader in cyber protection.

Additionally, the Swiss tech company Acronis noted a 24% increase in attacks for each organization. The report also pointed out a 15% rise in harmful files and links in emails.

Cybercriminals are using large language models (LLMs) such as Google Bard or ChatGPT to blend stolen information with AI-generated text when crafting emails. This helps them create, automate, and make their cyber attacks more powerful and widespread.[10]

Conclusion

Phishing continues to be a prevalent threat, impacting numerous organizations and individuals worldwide, affecting 92% of companies in 2022 and seeing a 464% increase in email scams in early 2023. About 3.4 billion spam emails are sent daily, and 30% of phishing messages get opened.

LinkedIn is the most imitated brand in these attacks and 28% of them target banks. Despite AI tools like ChatGPT being able to spot 87.2% of phishing links, almost half of the harmful email attachments come in the form of Microsoft documents with 97% of people unable to spot scams.