The Most Recent Phishing Statistics for 2023 You Should Know About

Muninder Adavelli
Muninder Adavelli

Updated · May 10, 2023

Muninder Adavelli

The Chief Content Strategist | Joined October 2021

Munni is also an ardent student of human-computer interfaces and user experience design. He makes th... | See full bio


Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

Phishing is a popular type of cybercrime on the internet. It affects consumers and industries from having proper cyber security systems on the internet. Phishers target victims who are naive and vulnerable to internet scams by sending malicious links and malware.

In 2022, around 3.4 billion phishing email spams will be sent daily. Causing data breaches, identity theft, and potential cyber-attacks. These can cause severe repercussions for businesses and regular internet users.

In this article, learn the current status of internet phishing statistics and everything you should know about it.

Editor's Choice

  • A data breach compromising 10 million records costs around $50 million.
  • In 2022, 83% of business firm owners who experienced a cyber scam and attack blamed phishing.
  • Slightly more than one in four (28.1%) people over 75 fall for a phishing scam.
  • Business email compromise attacks have gotten increasingly expensive, with victims in the United States losing more than $2.7 billion by 2022.
  • According to recent data, scams involving 'romance' cost Canadians $42.2 million.
  • The pandemic has worsened the situation accounting for almost 34% of Canadians receiving phishing emails in the first six months.
  • In the first quarter of 2015, Sony was compelled to devote $15 million to cope with ongoing concerns connected to the hack.
  • In 2022, spam continued dominating global email traffic, accounting for 48.63% of all emails

How Many Instances of Phishing Have Been Reported?

In 2021, 323,972 phishing incidents were recorded, and a data breach involving 10 million records costs $50 million. Financial loss is a significant issue for a business experiencing phishing attacks. Data breaches through phishing can result in losing 50 million records or $392 million.

To know more about phishing and its statistics, here are some essential data for 2023:

Statistics on How Many Phishing Emails Are Sent

In the world of cybercrime, phishing emails are apparent due to their simplicity and easy access to information. 

In 2022, 83% of business owners who were victims of online scams and attacks blamed it on phishing emails. In addition, about 1 billion phishing emails were sent and revealed, affecting 1 in every 5 internet users.

Here are statistics about phishing emails and their prevalent domains on the internet:

1. 54% of phishing emails include the '.com' domain. In comparison, less than 8.9% contain the '.net' domain.


In 2022, the ‘.com’ domain was utilized in over half of phishing email links at around 54%, while the next most common domain is ‘.net’ at about 8.9%.

Scammers primarily use this domain to trick individuals into installing malware and keyloggers or disclosing personal information like:

  • Personal data and information
  • Sensitive data
  • Bank or credit card numbers

Scammers can use this information for malicious intent, such as raking up credit card debt, identity theft, and performing fraudulent transactions online. 

For Q2 2022, the most common domain names ending in ‘com’ are:

  • Adobe
  • Google
  • Myportfolio
  • Backblazeb2
  • Weebly

The danger of phishing is obvious - it causes data breaches or leaks. A data breach exposing 10 million records costs firms an average of $50 million. An attack compromising 50 million records can cost up to $392 million.

Phishing Victim Demographic Statistics

Phishers don’t select their victims; they target just about anyone. However, 1 out of 4 (28.1%) internet users aged 75 and above fall for phishing scams. Their main target for this is homeowners who have children.

To know more about the demographics, read below for more in-depth knowledge.

2. Phishing is a serious crime, with 300,497 reports from phishing victims in 2022.


Phishing attacks that hack business email accounts are becoming more costly, and it is estimated that victims in the U.S. will lose more than $2.7 billion. 

In addition, there was a considerable increase in cybercrime throughout the Asia-Pacific region, which included an uptick in phishing and zero-day attacks obliging businesses to concentrate on cybersecurity, establishing online privacy protections, and paying millions of dollars.

3. There were 8,023 reported social media phishing in The United Kingdom in 2022, a significant rise of 23.5% from 2021.


Phishing doesn’t only affect email accounts; it can also involve social media profiles. The reported attacks were a significant rise of 23.5% from 2021. With this, there is a growing need for individuals and businesses to take proactive steps to protect users and organizations.

4. Canadians lost over $100 million due to internet phishing and scam.


According to recent data, romance scams cost Canadians $42.2 million. Investment scams are also frequent. The pandemic has worsened the situation accounting for almost 34% of Canadians receiving phishing emails in the first six months.

While identity theft rates in 2021 have decreased slightly from the previous year's high of 19.4 per 100,000 individuals, the current rate of 18.76% is significantly greater than the rates recorded between 2010 and 2019, which varied from 2.37% to 12.58% per 100,000 people.

5. In the U.S., 14% of phishing victims were targeted through business emails.


Social engineering is also common in cyberattacks, accounting for 35% of breaches in the United States in 2021. In 2022, spam continued dominating global email traffic, accounting for 48.63% of all emails. However, the proportion of spam in international email traffic has decreased from 51.02% in Q1 to 46.16% in Q4.

6. Phishing attacks accounted for almost 43% of Asian organizations.


However, only 7% of attacks were carried out using brute force. These results underline the necessity for Asian organizations to maintain vigilance and make significant security-related investments to guard against such attacks.

Prominent Phishing Damage and Loss Statistics

Phishing attacks are frequently a springboard for cyber scammers and frauds to initiate more severe security breaches damaging several companies. Damages vary from stolen data to ransomware.

To shed more light and understand the damages caused by phishing, read more below and understand the statistics better.

7. FACC faced a substantial loss of $47 million in late 2015 after falling victim to a 'whaling' attack.


Whaling is a type of phishing where emails are targeted toward a specific individual or company. The Austrian airline company experienced a cyber fraud attack on a phishing email. FACC failed to recover from the attack, which led to huge losses of $24 million during the fiscal years 2015 and 2016.

8. Sony was compelled to devote $15 million to cope with ongoing concerns connected to the hack.


The hackers claimed to have stolen up to 100 terabytes of company-sensitive data, including movies, emails, employee information, etc. Sony eventually paid an estimated $100 million to fix the hack, showing the terrible repercussions of cybersecurity breaches for huge organizations.

9. Colonial Pipeline was obliged to pay the hackers $4.4 million to regain control of their systems.


The attack on the Colonial Pipeline in 2021 was an occurrence that widely disrupted and anarchized the American east coast. A state of emergency was proclaimed in 18 states due to this cyber attack, which momentarily stopped fuel flow and caused panic buying of fuel.

10. 42% of European organizations reported phishing as a prominent source of cyber crimes.


While vulnerability exploitation remained the most common threat at 46%, phishing was not far behind and posed a considerable risk to companies and businesses. On the other hand, brute force attacks came in third place, accounting for only 12% of all reported attacks.

11. Phishing attacks against large businesses in North America accounted for 47%.


This is a relatively troubling trend, especially compared to the smaller percentages of vulnerability exploitation (29%) and extreme attacks (9%). Phishing can be challenging to detect and cause substantial harm to a company, making it critical to prioritize cybersecurity measures.

12. Phishing accounts for 47% of all cyber attacks in Latin America.


Followed by 29% of stolen important information and 18% of vulnerable exploitations, these statistics have emphasized the necessity of teaching employees about the hazards of phishing and the importance of cybersecurity and protection.

Phishing Predictions Through 2023

Current trends and advances may change the course of phishing activities based on the recent surge of different technologies and cybersecurity tactics. These trends will vary depending on device and method, such as cloud-storage attacks and hacks on smart devices.

Here are phishing predictions affecting cybersecurity in 2023:

13. A phishing attempt attacked 5 COVID-19 vaccine developers.


As the world races to produce and spread a COVID-19 vaccine, it is understandable that some countries may steal knowledge from others to obtain a competitive advantage. 

Most of these attacks targeted phase 3 testing vaccines with a success rate of 70%-90%. With this in mind, espionage and cyber warfare have become standard tactics.

14. More than a third (36%) of those working in different livelihood and education fields are more threatened.

(Vapor VM)

More data breaches will occur in 2023 due to third-party access to data. They are especially vulnerable because of the lack of security around third-party access in the healthcare, educational, and manufacturing sectors if “least privilege” access isn’t implemented.

15. An increase in suspicious TrickBot activity comprises 10.8% of the Malware Family ever since.

(Comparitech, Checkpoint) 

LNK and CHM downloaders, commonly used for shortcuts, will likely be employed in new TrickBot tactics in 2023. This implies TrickBot could be distributed through seemingly malicious files, making it more difficult for businesses to detect and prevent its invasion.

Given that TrickBot campaigns are expected to become more prevalent, businesses must remain vigilant and take preventive measures for cybersecurity.

Final Words

Phishing attacks continue to pose severe risks to individuals and organizations worldwide, with cybercriminals employing a variety of domains and strategies to fool and defraud their victims. 

Internet users and organizations should highlight the importance of vigilance in protecting personal and sensitive information - avoiding fraud and cyber crime entirely.

Individuals and companies must stay aware and take proper precautions to protect themselves from the ever-increasing threat of scams and phishing attempts as cybercrime evolves.


How to tell if the email is a fraud or suspicious?

Usually, a fake email has distinct characteristics such as blank subjects, different email addresses, suspicious information, and the sender's location.

What to do if I accidentally handed over my personal information?

Change your password immediately. If you have given your bank information, blocking and freezing your account through your mobile app is best. 

If you surrendered your phone number, tell your friends and family about the spam messages they might receive.

How can I report phishing attacks?

You can report phishing attacks through [email protected] to immediately get the help you need. Victims must report such instances to get appropriate assistance.

What is the difference between phishing emails and spam emails?

Scam emails are unsolicited emails, while phishing emails are criminals and scammers disguised as emails from legitimate sources.


Muninder Adavelli

Muninder Adavelli

Munni is also an ardent student of human-computer interfaces and user experience design. He makes the vital connections between technology and the end user. He always finds the ultimate way to tell the story of software, to highlight its strengths and weaknesses in an accessible way. He often contemplates the dynamic relationship between humanity and technology over a pint of lager, while enjoying some classy classical rock.

Leave your comment

Your email address will not be published.