Phishing, a persistent cyber-security threat, still needs our attention despite growing complacency risks. In this blog, we’ve collected all the phishing statistics from various sources and presented them in an easy-to-understand way.

Google fights off 100 million phishing emails each day. In 2022, over 48% of emails were spam, with one in five phishing attacks hailing from Russia. Also, younger users like millennial’s and Gen-Z are more prone to phishing scams, highlighting the need for ongoing awareness and protection.

Phishing Attack Statistics

Top Phishing Attack Statistics 2023

    • 92% of companies faced phishing attacks in 2022
    • Phishing is the most common type of scam reported to the FBI
    • 97% of people can’t identify phishing emails
    • One in every 99 emails is a phishing attack
    • 30% of phishing messages are opened
    • 52% of worldwide phishing attacks target LinkedIn
    • 87.2% of the time, ChatGPT detected phishing links accurately
    • 27.7% of phishing attacks worldwide targeted financial institutions
    • 29.82% of global spam e-mails originated from IPs in Russia
    • Approximately 3.4 billion spam emails are sent daily with over 48% of all emails being spam
    • 90% of phishing attacks are sent via WhatsApp
    • Almost half of the phishing email attachments received are in the form of Microsoft documents
    • Email-based phishing attacks Increased by 464% In 1st Half of 2023

92% Of Companies Faced Phishing Attacks In 2022

Domain Type Percentage (%)
.com 54
.net 9
Other 37

92% of organizations have fallen victim to phishing attacks in 2022. This accounts for the 29% increase in phishing incidents from 2021. Over 21 million phishing attempts were detected in 2021 and in 2022 over 48% of emails were spam, nearing 15 million.[1]

In 2022, URLs in phishing emails, over 54%, were directed to sites with a ‘.com‘ domain. Following that, the ‘.net‘ domain was the next popular choice, making up just under 9%.

The most common domain names with ‘.com’ for the second quarter of 2022 are Adobe, Google, MyPortfolio, Backblazeb2, and Weebly.[2]

Phishing Is The Most Common Type Of Scam Reported To The FBI

According to the FBI’s 2022 Internet Crime Complaint Center (IC3) report [3], there were a total of 800,944 phishing scams reported complaints in 2022, resulting in losses exceeding $10.3 billion. People aged 30-39 reported the most incidents, but those aged 60 and older suffered the greatest financial losses.

The top reported incidents in 2022 included phishing, personal data breaches, and non-payment/non-delivery. Although phishing ranked first.

In state rankings, Illinois had the 5th highest number of victims (14,786) and the 7th highest victim dollar loss ($266.7 million). The most significant financial losses in Illinois were due to the Business Email Compromise (BEC), followed by investment fraud and tech support scams.

97% Of People Cannot Identify Phishing Emails

An Intel Security Quiz reveals that 97% of people around the globe are unable to identify a sophisticated phishing email so cyber criminals are still successfully tricking people into giving away personal information or downloading malware.[4]

Four key identifiers of a phishing email:

    • URL in the email doesn’t match the business or individual
    • The email address and sender don’t line up
    • Spelling and grammar mistakes
    • Requests personal information

One In Every 99 Emails Is A Phishing Attack

Phishing Email Type Percentage
Malware 50.6%
Login Credential Theft 41.0%
Extortion Attempts 8.0%
Spearphishing Attempts 0.4%

In a study analyzing 55.5 million emails, it was discovered that one in every 99 emails is a phishing attack. 25% of these phishing attempts manage to get past the default security measures in Office 365. These cloud-based attacks take advantage of the connected nature of cloud email to potentially access other accounts, like cloud file sharing or HR systems.

Out of the examined phishing emails, 50.6% contained malware, about 41% aimed to steal login details, 8% were extortion attempts, and a small fraction, 0.4%, were spearphishing attempts.[5]

30% Of Phishing Messages Are Opened

Phishing Email Word Percentage
urgent 8%
important updates 8%
important 5.4%
attention 2.3%

Nearly 30 % of phishing emails are opened increasing the chances of opening or downloading from malicious links that contain ransomware or malware. The most commonly used words for phishing e-mails are urgent(8%), important updates(8%), important(5.4%) and attention(2.3%).

Phishers are now using tools like ChatGPT, moving beyond just email phishing. They are creating more convincing phishing emails with language that matches the target organization.[11]

52% Of Worldwide Phishing Attacks Target LinkedIn

The Top 5 Most Imitated Brands In Quarter 1 Of 2022 Were:

Source Percentage
LinkedIn 52%
DHL 14%
Google 7%
Microsoft 6%
FedEx 6%

LinkedIn, with its wide user base of over 850 million people from over 200 regions, is a prime target for email phishing scams. In early 2021, 42% of clicked phishing emails pretended to be from LinkedIn, making it the top clicked social media mail, followed by Facebook and Twitter.

Hackers often target individuals who’ve recently changed jobs on LinkedIn, impersonating higher-ups to get personal info or tricking them into buying gift cards. Since 2021, phishing scams using LinkedIn’s name have been rampant, and by early 2022, LinkedIn became the most imitated brand in phishing attacks globally, with 52% of such attacks pretending to be LinkedIn.[2]

87.2% Of The Time, ChatGPT Detected Phishing Links Accurately

Securelist found that ChatGPT-3 was good at catching phishing links and detecting phishing links 87.2% of the time, but it also made mistakes 23.2% of the time.[6]

Zscaler’s 2023 Phishing Report reveals that AI tools like ChatGPT can easily make fake login pages and even craft tricky malicious software. But on the flip side, the same AI tools like ChatGPT can be used to catch phishing links. However, it’s not perfect yet.[7]

According to a report by Network Assured reveals that ChatGPT is already Involved in data leaks, phishing scams, and malware Infections. There’s a 135% increase in novel phishing attacks and hackers are now using tools like ChatGPT to create more convincing phishing emails using sophisticated language.[8]

27.7% Percent Of Phishing Attacks Worldwide Targeted Financial Institutions

Sectors Percentage
Financial Institution 27.7%
SaaS/Webmail 17.7%
Social Media 10.4%
Logistics/Shipping 9.0%
Payment 6.0%
E-Commerce/Retail 5.6%
Telecom 3.1%
Cryptocurrency 2.3%
Other 18.2%

According to the “Phishing Activity Trends Report Q4 2022”[14] survey conducted by APWG, in the last part of 2022, 27.7% of phishing attacks worldwide were directed at financial institutions. Furthermore, web-based software services and webmail accounted for nearly 17.7% of these attacks, while social media platforms followed closely with approximately 10.4% of all recorded phishing attempts during that period.[12]

Unfortunately, AWPG doesn’t say what was included in its “Other category”, but according to “Phishing statistics and facts for 2019–2023 by Comparitech,[5] it could include:

    • Streaming services
    • Online gaming accounts
    • Subscription platforms like Patreon, Onlyfans, etc
    • Reward program accounts
    • GitHub accounts

29.82% Of Global Spam E-Mails Originated From IPs In Russia

Country Percentage
Russia 29.82%
China 14.00%
United States 10.71%
Germany 5.19%
Netherlands 3.70%
Japan 3.25%
Brazil 3.18%
Great Britain 2.44%
France 2.27%
India 1.82%

According to a study by Statista, In 2022, Russia ranked first by its share of unsolicited spam e-mails. Overall, 29.82% of global spam e-mails originated from IPs in Russia. China ranked second, with 14%. The United States followed, accounting for over 10.71% of global unsolicited spam e-mails during the measured period.[13]

Approximately 3.4 Billion Spam Emails Are Sent Daily – Over 48% Of All Emails Are Spam

There are an estimated 3.4 billion spam emails sent out every day. Google, which is also one of the biggest email service providers in the world, blocks around 100 million phishing emails daily. Statistics also show that over 48% of emails sent in 2022 were spam.[2]

90% Of Phishing Attacks Are Sent Via WhatsApp

Out of all phishing attacks in messaging apps, 90% occur on WhatsApp, while Telegram is the next highest at 5.04%.[9]

Almost Half Of The phishing E-mail Attachments Received Are In The Form Of Microsoft Documents

File Type Percentage
Word 39.3%
Executable 19.5%
Rich Text 14%
Excel 8.7%

Phishing attacks often come in the form of email attachments, disguised as harmless Microsoft documents. These attachments may appear to be Word documents, Excel spreadsheets, or Rich Text files but could contain malicious code.

Once opened, they may execute unwanted actions, like downloading malware onto your system. Therefore, it’s crucial to avoid opening unexpected attachments, even if they look like ordinary documents, to protect your computer and personal information.[11]

Email-Based Phishing Attacks Increased By 464% In 1st Half Of 2023

In the initial half of 2023, email phishing attacks increased by 464% compared to the previous year, according to Acronis, a global leader in cyber protection.

Additionally, the Swiss tech company Acronis noted a 24% increase in attacks for each organization. The report also pointed out a 15% rise in harmful files and links in emails.

Cybercriminals are using large language models (LLMs) such as Google Bard or ChatGPT to blend stolen information with AI-generated text when crafting emails. This helps them create, automate, and make their cyber attacks more powerful and widespread.[10]

Conclusion

Phishing continues to be a prevalent threat, impacting numerous organizations and individuals worldwide, affecting 92% of companies in 2022 and seeing a 464% increase in email scams in early 2023. About 3.4 billion spam emails are sent daily, and 30% of phishing messages get opened.

LinkedIn is the most imitated brand in these attacks and 28% of them target banks. Despite AI tools like ChatGPT being able to spot 87.2% of phishing links, almost half of the harmful email attachments come in the form of Microsoft documents with 97% of people unable to spot scams.

Footnotes

    1. TrendMicro – Worldwide Email Phishing Stats & Examples 2023
    1. AAG-IT – The Latest Phishing Statistics
    1. FBI – Internet Crime Complaint Center Releases 2022 Statistics
    1. 97% of People Globally Can’t Identify Phishing Emails
    1. 25% of Phishing Attacks Bypass Office 365 Security: TrendMicro Report
    1. Securelist Investigation ChatGPT Phishing Detection Capabilities
    1. Zscaler ThreatLabz 2023 Phishing Report
    1. ChatGPT Involved in Data Leaks, Phishing Scams & Malware: NetworkAssured
    1. MarketSplash – Phishing Statistics
    1. Acronis report reveals a 464% increase in cyber email attacks
    1. Getastra top phishing attack statistics 2023
    1. Phishing most targeted industry sectors worldwide Q4 2022
    1. Spam e-mail: leading countries of origin of Spam 2022
    1. Phishing Activity Trends Report Q4 2022