Top 10 Phishing Attack Statistics That Should Scare You

Phishing has become one of the most pernicious dangers in cybersecurity today. Even though awareness of the problem has been rising based on data from numerous sources including the Verizon Data Breach Report [include link], there is a risk that people are getting jaded with the daily news bombarding them about the latest phishing attacks. In this blog, we’ve tried to pull together a number of key phishing attack statistics in an easily digestible and shareable format, that helps crystalize the size and scope of the phishing problem.

Top 10 Phishing Attack Statistics

  1. 83% of organizations said they experienced phishing attacks last year.
  2. Phishing was the third most common type of scam reported to the FBI regardless of company size, industry, or location.
  3. 97% of people cannot identify a phishing scam.
  4. An analysis of more than 55 million emails reveals that one in every 99 emails is a phishing attack.
  5. Approximately 15 billion spam emails are sent daily; 45% of all email is spam (and some researchers believe that number to be closer to 75%.
  6. 30% of phishing messages are opened.
  7. More than 71% of targeted attacks involve the use of spear phishing.
  8. 93% of social attacks are phishing-related.
  9. 66% of malware is installed via malicious email attachments.
  10. In 2018 there were 366 healthcare data breaches.

 

83% of organizations said they experienced phishing attacks last year.

Even worse? These phishing statistics are up from 76% in 2017, and experts predict another six billion attacks to occur throughout 2022. The impact of these phishing attacks will be realized by the compromised accounts, malware infections, and loss of data left in their wake.

For more, read 6 Anti-Phishing Resources to Help You Stay “In the Know”.

Phishing was the third most common type of scam reported to the FBI regardless of company size, industry, or location.

This shouldn’t come as a surprise. Phishing facts show that compared to other means of cyberattack, they are relatively easy; phishers don’t need to try to infiltrate a system or find infrastructure vulnerabilities. Instead, they simply target an organization’s weakest link—its employees. All they need to do is dupe just one person—sometimes out of hundreds or even thousands of employees—into opening an email or clicking a link or attachment.

For more, read 3 Reasons You Need to Invest in Anti-Phishing Services.

97% of people cannot identify a phishing scam.

We like to think a robust training program is enough to help employees spot a scam, but phishing attack statistics prove that humans are fallible. While no one is likely to fall for the “Nigerian Prince” scams of yesterday, phishers have become more sophisticated in their techniques so that even the savviest of internet users can become victims.

For more, read Why You Need More Than Just a Human Firewall.

An analysis of more than 55 million emails reveals that one in every 99 emails is a phishing attack.

Even scarier, studies show that 25% of these emails sneak into Office 365, one of the most widely used office suite packages in the world, with over 60 million commercial users. And, the more users a platform has, the higher the chance of phishing attack success.

For more, read Is Office 365 Secure From Email Phishing Attacks?

Approximately 15 billion spam emails are sent daily; 45% of all email is spam (and some researchers believe that number to be closer to 75%.

You may think, “What’s the harm in spam, besides temporary annoyance?” Well, the massive amount of non-malicious junk email has spam filters working overtime, which makes it easier for malicious phishing attacks to slip through.

For more, read Spam Filters Aren’t Enough to Keep Out Phishing Scams.

30% of phishing messages are opened.

Making matters worse, this phishing attack statistic is up from 23% in previous years. What does this mean? While phishing awareness among the public may be growing, phishers are getting more sophisticated in their efforts to trick them, even moving outside email phishing and using communication channels such as Slack to catch people off-guard.

For more, read Slack: Phishing Attacks Go Beyond Just Emails.

More than 71% of targeted attacks involve the use of spear phishing.

Whereas normal phishing attacks aim to hook anyone willing to bite, spear phishing targets a particular individual or organization. This is accomplished through personalized emails, often impersonating someone the recipient knows and using information specific to the target to lead them to believe that the request for sensitive data or wire transfers is legitimate.

For more, read 5 Types of Phishing You Should Know About & How to Stay Protected.

93% of social attacks are phishing-related.

Employees may know not to open attachments or click links, but some behavior is hard-wired, such as obeying the orders of a superior. Knowing this, hackers use social engineering—for example, posing as a member of the executive team—when requesting information or funds. Not wanting to upset the boss, many employees oblige, resulting in a breach.

For more, read Enforcing Good Phishing Protection Habits NOT Training

66% of malware is installed via malicious email attachments.

We tend to think malware strikes when a hacker finds a vulnerability in our infrastructure, but the truth is, the majority of malware enters the system through phishing attacks. This can even include ransomware, which costs businesses more than $8 billion in 2018 alone.

For more, read Global Ransomware Damage Costs.

In 2018 there were 366 healthcare data breaches.

While that phishing attack statistic may not sound too high, we’re talking about the exposure of over 13 million records! Phishers often target the healthcare industry because companies in this industry have large amounts of valuable data, a highly connected infrastructure, and there’s little to no IT investment or training (generally less than 3% of their profits).

For more, read Healthcare Phishing Scams: How to Keep Patient Information Secure.

Protecting Yourself from Phishing Attacks

The internet has made our lives easier, but it’s also made it easier for us to be scammed as these phishing attack statistics demonstrate. To protect yourself and your organization, consider phishing prevention software. Clearedin, a leading phishing prevention solution, assesses your emails to determine whether they are a phishing attack. The ClearedIn platform takes it a step further and analyzes your company’s communications over multiple email platforms as well as communications channels such as Slack, using artificial intelligence to develop a model of your organization’s communications network.

When threats are detected, they are flagged and disarmed immediately. Users are notified why the messages are labeled as potential phishing attacks in order to make informed decisions about whether to unlock them.

To learn more about how you can protect your business from becoming part of the latest phishing attack statistics, contact our team of experts today.

demo for anti-phishing attacks

Sharing Isn't Caring: How To ...

Subscribe for updates

Get weekly updates on phishing and other web attacks