With a master's degree in telecommunications and over 15 years of working experience in telecommunic... | See full bio
The Most Recent Phishing Statistics for 2023 You Should Know About
Updated · Aug 01, 2023
Florence is a dedicated wordsmith on a mission to make technology-related topics easy-to-understand.... | See full bio
From fraudulent texts and calls to suspicious DMs and sketchy emails, phishing is a type of cybercrime that comes in many forms. Unfortunately, no one is safe from it.
Phishers target individuals and businesses, targeting victims who are naive and vulnerable to internet scams by sending malicious links and malware.
In 2022, around 3.4 billion phishing email spams were sent daily, causing:
- data breaches
- identity theft
- potential cyber-attacks
While most phishing attempts are easy to spot, many people still fall for them. Keep yourself safe from harm by checking out the numbers involved in this fishy internet scam.
How Many Instances of Phishing Have Been Reported?
In 2022, 500 million phishing incidents were reported. Many of these incidents involved data breaches. Significant data breaches affecting at least 10 million records can fetch up to $50 million.
With that, phishing causes severe financial strain on victimized businesses and individuals. Data breaches through phishing can result in losing 50 million records, worth more or less $392 million.
To know more about phishing and its statistics, here are some essential data for 2023.
Helpful Article: Interested in what goes on in the world of cybercrime? Check out some of our in-depth pieces:
How Many Phishing Emails Are Sent?
Email service providers usually filter out phishing e-mails. For example, GMail alone blocks 1000 million spam emails daily. However, some may still end up in your mailbox.
In 2022, 83% of victimized business owners blamed phishing emails as the cause of their cyberattack. In addition, scammers also sent out about 1 billion phishing emails that year, affecting 1 in every five internet users.
Unfortunately, phishers are getting increasingly creative. Check out these stats and keep yourself safe on the internet.
1. 54% of phishing emails include the '.com' domain. In comparison, less than 8.9% contain the '.net' domain.
In 2022, the ‘.com’ domain was utilized in over half of phishing email links at around 54%, while the next most common domain is ‘.net’ at about 8.9%.
Scammers primarily use this domain to trick individuals into installing malware and keyloggers or disclosing personal information like:
- Personal data and information
- Sensitive data
- Bank or credit card numbers
Scammers can use this information for malicious intent, such as raking up credit card debt, identity theft, and performing fraudulent transactions online.
For Q2 2022, the most common domain names ending in ‘com’ are:
The danger of phishing is obvious - it causes data breaches or leaks. A data breach exposing 10 million records costs firms an average of $50 million. An attack compromising 50 million records can cost up to $392 million.
Helpful article: Clicking on a phishing email can install malware on your device. Read these in-depth guides to add a level of protection for yourself.
Phishing Victim Demographic Statistics
Phishers don’t select their victims and target just about anyone. However, 1 out of 4 (28.1%) internet users aged 75 and above fall for phishing scams. Their main target for this is homeowners who have children.
To know more about the demographics, read below for more in-depth knowledge.
2. Phishing is a serious crime, with 300,497 reports from phishing victims in 2022.
Phishing attacks that hack business email accounts are becoming more costly. It is estimated that victims in the US will lose more than $2.7 billion.
In addition, there was a considerable increase in cybercrime throughout the Asia-Pacific region, which included an uptick in phishing and zero-day attacks. As a result, businesses bear the added cost of cybersecurity, establishing online privacy protections, and paying millions of dollars to secure their data.
Helpful Article: With the number of cyber threats on the internet nowadays, everyone should prioritize their safety online. Dive into some of our articles to learn how to keep yourself safe!
3. There were 8,023 reported social media phishing in The United Kingdom in 2022, a significant rise of 23.5% from 2021.
Phishing doesn’t only affect email accounts; it can also involve social media profiles. The reported attacks were a significant rise of 23.5% from 2021. With this, there is a growing need for individuals and businesses to take proactive steps to protect users and organizations.
4. Canadians lost over $100 million due to internet phishing and scam.
Romance scams cost Canadians $42.2 million. Investment scams are also frequent. The pandemic has aggravated phishing attacks. Now, phishing accounts for almost 34% of Canadians receiving sketchy emails.
Identity theft rates in 2021 have decreased slightly from the previous year's high of 19.4 per 100,000 individuals. The current rate of 18.76% is significantly greater than the rates recorded between 2010 and 2019, which varied from 2.37% to 12.58% per 100,000 people.
5. In the US, 14% of phishing victims were targeted through business emails.
98% of cyberattacks involve psychological manipulation, also known as social engineering. Overall, social engineering accounts for 35% of breaches in the United States in 2021.
In 2022, spam continued dominating global email traffic, accounting for 48.63% of all emails. However, the proportion of spam in international email traffic has decreased from 51.02% in Q1 to 46.16% in Q4.
6. Phishing attacks accounted for almost 43% of Asian organizations.
Asia is a prime target for cybercriminals for various reasons, including:
- A large pool of potential victims
- Lack of disclosure regulation for companies
- Poor cybersecurity infrastructure
These results underline the necessity for Asian organizations to maintain vigilance and make significant security-related investments to guard against such attacks.
Prominent Phishing Damage and Loss Statistics
Phishing attacks are frequently a springboard for cyber scammers and frauds to initiate more severe security breaches damaging several companies. Damages vary from stolen data to ransomware.
To shed more light and understand the damages caused by phishing, read more below and understand the statistics better.
7. FACC faced a substantial loss of $47 million in late 2015 after falling victim to a 'whaling' attack.
Whaling is a type of phishing where emails are targeted toward a specific individual or company. The Austrian airline company experienced a cyber fraud attack on a phishing email. FACC failed to recover from the attack, which led to huge losses of $24 million during the fiscal years 2015 and 2016.
8. Sony was compelled to devote $15 million to cope with ongoing concerns connected to the hack.
After North Korean outrage about the movie “The Interview,” hackers launched a Poke The Bear cyberattack on the mass media and entertainment studio Sony Pictures.
Black hat hackers were rooted out as the perpetrators of the attacks. They also stole company-sensitive data reaching 100 terabytes. They also leaked sensitive e-mails of top executives.
Sony eventually paid an estimated $100 million to fix the hack, showing the terrible repercussions of cybersecurity breaches for huge organizations.
9. Colonial Pipeline was obliged to pay the hackers $4.4 million to regain control of their systems.
The attack on the Colonial Pipeline in 2021 was an occurrence that widely disrupted the US fuel supply, especially on the East Coast. A state of emergency was proclaimed in 18 states due to this cyber attack, which momentarily stopped fuel flow and caused panic buying of fuel during its six-day shutdown.
The FBI attributed the cyberattack to the DarkSide ransomware, a cybercriminal group believed to be based in Russia. The attack was so devastating that even the White House got involved.
The Colonial Pipeline attack led to intense public pressure for more robust cybersecurity regulations for the pipeline industry. It also highlighted investing in cybersecurity as a necessity for companies.
10. 42% of European organizations reported phishing as a prominent source of cyber crimes.
While vulnerability exploitation remained the most common threat at 46%, phishing was not far behind and posed a considerable risk to companies and businesses. On the other hand, brute force attacks came in third place, accounting for only 12% of all reported attacks.
11. Phishing attacks against large businesses in North America accounted for 47%.
Phishing attacks pose a troubling trend, especially compared to the smaller percentages of:
- Vulnerability exploitation (29%)
- Extreme attacks (9%)
It can be challenging to detect and cause substantial harm to a company, making it critical to prioritize cybersecurity measures.
12. Phishing accounts for 47% of all cyber attacks in Latin America.
(AAG, Recorded Future)
Latin America faced an escalation of cybersecurity issues in the past few years. This is likely due to the lack of cybersecurity infrastructure, policies, and awareness among the masses.
Patterns of attacks show a concentration of attacks targetting government data in Costa Rica, Brazil, Mexico, and Peru.
Phishing Predictions Through 2023
By 2025, the cost of cybercrime will cost the world $10.5 trillion. Current trends and advances may change the course of phishing activities based on the recent surge of different technologies and cybersecurity tactics.
These trends vary depending on device and method, such as cloud-storage attacks and hacks on smart devices.
Here are phishing predictions affecting cybersecurity in 2023:
13. A phishing attempt attacked 5 COVID-19 vaccine developers.
As the world races to produce and spread a COVID-19 vaccine, it is understandable that some countries may steal knowledge from others to obtain a competitive advantage.
Most of these attacks targeted phase 3 testing vaccines with a success rate of 70%-90%. With this in mind, espionage and cyber warfare have become standard tactics.
14. More than a third (36%) of those working in different livelihood and education fields are more threatened.
More data breaches will occur in 2023 due to third-party access to data. They are especially vulnerable because of the lack of security around third-party access in the healthcare, educational, and manufacturing sectors if “least privilege” access isn’t implemented.
15. An increase in suspicious TrickBot activity comprises 10.8% of the Malware Family ever since.
LNK and CHM downloaders, commonly used for shortcuts, will likely be employed in new TrickBot tactics in 2023. This increase implies TrickBot could be distributed through seemingly malicious files, making it more difficult for businesses to detect and prevent its invasion.
Given that TrickBot campaigns are expected to become more prevalent, companies must remain vigilant and take preventive measures for cybersecurity.
Phishing attacks continue to pose severe risks to individuals and organizations worldwide, with cybercriminals employing a variety of domains and strategies to fool and defraud their victims.
Internet users and organizations should highlight the importance of vigilance in protecting personal and sensitive information - avoiding fraud and cyber crime entirely.
Individuals and companies must stay aware and take proper precautions to protect themselves from the ever-increasing threat of scams and phishing attempts as cybercrime evolves.
How to tell if the email is a fraud or suspicious?
Usually, a fake email has distinct characteristics such as blank subjects, different email addresses, suspicious information, and the sender's location.
What to do if I accidentally handed over my personal information?
Change your password immediately. If you have given your bank information, blocking and freezing your account through your mobile app is best.
If you surrendered your phone number, tell your friends and family about the spam messages they might receive.
How can I report phishing attacks?
You can report phishing attacks through [email protected] to immediately get the help you need. Victims must report such instances to get appropriate assistance.
What is the difference between phishing emails and spam emails?
Scam emails are unsolicited emails, while phishing emails are criminals and scammers disguised as emails from legitimate sources.
Your email address will not be published.
Updated · Nov 30, 2023
Updated · Dec 05, 2023