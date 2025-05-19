Introduction

Phishing Statistics: Phishing is a kind of cyberattack in which criminals try to fool people into sharing personal information such as passwords or credit card numbers, often by pretending to be a trusted company or person through fake emails, websites, or messages. Phishing has become more common as many people use the Internet for banking, shopping, and communication.

In 2024, phishing attacks are a major threat to both individuals and businesses. Criminals are using more advanced techniques, and these attacks are costing billions of dollars globally. People need to stay aware and cautious online to avoid falling victim to these scams.

Phishing Statistics show that Phishing attacks rose by 12% in 2024 due to more advanced methods and better-focused scams.

in 2024 due to more advanced methods and better-focused scams. About 1.2% of all emails are harmful, leading to around 3.4 billion phishing emails being sent daily.

of all emails are harmful, leading to around phishing emails being sent daily. Around 90% of data breaches include phishing, making it a key way cybercriminals attack organizations.

of data breaches include phishing, making it a key way cybercriminals attack organizations. Meanwhile, 70% of phishing attacks aim to steal money, focusing on getting credit card details or login information.

of phishing attacks aim to steal money, focusing on getting credit card details or login information. Enterprise employees face 20 times more phishing attacks than individuals because businesses are more valuable targets.

times more phishing attacks than individuals because businesses are more valuable targets. In 2024, BEC attacks cost businesses USD 4.91 million per incident, up from USD 4.65 million in 2023.

per incident, up from in 2023. Phishing causes over 60% of ransomware infections, tricking employees into downloading harmful software through fake emails.

of ransomware infections, tricking employees into downloading harmful software through fake emails. Phishing Statistics further states that Microsoft is the most impersonated brand, with over 20% of phishing attacks pretending to be from them.

Mobile phishing attacks increased by 18% , with more phishing links now sent through SMS and messaging apps like WhatsApp.

, with more phishing links now sent through SMS and messaging apps like WhatsApp. More than 40% of phishing emails now come from real email addresses, avoiding simple email filters easily.

of phishing emails now come from real email addresses, avoiding simple email filters easily. Besides, 43% of people still can’t spot phishing emails, showing that better cybersecurity training is needed.

General Phishing Statistics

As per GreatHorn, around 57% of companies face phishing attacks every week or every day.

About 1.2% of all emails are harmful, which means around 3.4 billion phishing emails are sent daily.

In 74% of breaches, human errors, like falling for tricks, making mistakes, or misusing systems, caused the problem.

IBM says phishing is the main way attacks start, causing 41% of all incidents.

According to CSO Online, over 80% of security problems happen because of phishing attacks.

CSO Online says phishing attacks cause a loss of USD 17,700 every minute worldwide.

AI-powered phishing emails that imitate human behavior more closely are harder to detect and are expected to increase by 20% in 2024.

Spear-phishing, or targeted phishing, increased in the same year by 25%, with attacks aimed at specific people or companies, making them more harmful and successful.

As of 2024, attackers often pretend to be trusted brands like Microsoft and Google, tricking people into giving personal information and causing 30% of phishing attacks.

Around 62% of phishing emails aim to steal usernames and passwords, which hackers use for identity theft, account hacking, and other cyberattacks.

Almost 45% of workers still have trouble spotting phishing scams, meaning companies must improve training to increase awareness and protect themselves.

Workers will open a fake attachment about 20% of the time, making phishing attacks more successful in companies.

About 12% of people will click on a link if it is included in an email they receive.

On the positive side, only 4% of people will provide their information on the website that the link leads to.

Phishing Statistics also show that the most common type of attack was business email compromise, which made up 53% of all phishing attacks in 2024.

Phishing messages often cause malware infections, which happen 49% of the time, followed by account compromises, which occur 47% of the time.

Most Common Phishing Attack Targets

Phishing Statistics further state that attackers pretend to be one of the top 20 global brands 51.7% of the time, with Microsoft being the most common brand they fake.

Around 26% of phishing attacks target public-facing websites and apps, as reported by IBM.

In the third quarter of 2023, phishing and Malware attacks increased by 173%, from 180.4 million to 493.2 million.

Facebook was used in more phishing links than the next seven most impersonated brands combined, with 16,657 links compared to 16,432.

Phishing Statistics further state that Malware also grew by 110%, with the number of emails containing Malware jumping from 60 million to 125.7 million.

According to Verizon, around 83% of security breaches were committed by people outside the organization, with financial gain as the main goal.

50% of all social engineering attacks were pretexting, which is almost double the amount seen the previous year.

Phishing Attack Frequency Statistics For 2024

Phishing Statistics show that 83% of organizations will experience at least one phishing attack annually.

In the U.S., phishing attacks accounted for 36% of all data breaches.

A report from IBM states that 26% of phishing attacks target public-facing applications, underscoring the importance of securing web-facing applications.

Attackers pretend to be one of the top 20 global brands in 51.7% of phishing emails.

Over 40% of phishing emails are now sent from legitimate email addresses, bypassing many basic email filters.

43% of individuals are still unable to correctly identify a phishing email, showing a critical need for better cybersecurity awareness training.

The company’s researchers found that scam websites increased by almost 94%, rising from 6,942,158 in 2020 to 13,438,810 in 2023.

On average, around 37 thousand new pages were created per day.

Phishing Activity Statistics By Top 10 Registars

Phishing Statistics elaborates that the top five registrars that cybercriminals often use for phishing attacks include these frequently exploited companies: GoDaddy.com (1 million phishing attacks), REGRU (230K), Namecheap (447K phishing attacks), 101domain (183K phishing attacks), and PDR Ltd. (166K phishing attacks).

Furthermore, other registered phishing sites are followed by Tucows (120K), Alibaba (106K), Dynadot (89K), and Gandi (83K).

Most Popular Phishing Attack Methods Statistics 2024

Email Phishing: 74% of organizations report that email phishing is the most common attack method.

74% of organizations report that email phishing is the most common attack method. Spear Phishing: 65% of successful phishing attacks are attributed to spear phishing, where attackers target specific individuals or organizations by gathering personal information to make the scam more convincing.

65% of successful phishing attacks are attributed to spear phishing, where attackers target specific individuals or organizations by gathering personal information to make the scam more convincing. Smishing (SMS Phishing): An 18% increase in mobile phishing was reported, and smishing attacks rose sharply.

An 18% increase in mobile phishing was reported, and smishing attacks rose sharply. Voice Phishing (Vishing): 28% of organizations experienced vishing attacks.

28% of organizations experienced vishing attacks. Clone Phishing: Around 19% of reported phishing emails were clone phishing attempts.

Around 19% of reported phishing emails were clone phishing attempts. Social Media Phishing: Phishing Statistics state that around 33% of phishing attempts are now being conducted through social media, often targeting employees.

Phishing Statistics state that around 33% of phishing attempts are now being conducted through social media, often targeting employees. Man-in-the-Middle Phishing: In 14% of phishing cases, attackers intercept communication between the victim and a trusted entity, allowing them to steal data in real time, particularly during online banking transactions.

In 14% of phishing cases, attackers intercept communication between the victim and a trusted entity, allowing them to steal data in real time, particularly during online banking transactions. Pharming: Involves redirecting users from legitimate websites to malicious ones. In 2024, 12% of phishing attacks employed this tactic, mostly targeting online banking or e-commerce websites.

Involves redirecting users from legitimate websites to malicious ones. In 2024, 12% of phishing attacks employed this tactic, mostly targeting online banking or e-commerce websites. Cloud-based Phishing: With more businesses relying on cloud services, 37% of phishing attacks target cloud-based platforms like Google Drive and Microsoft OneDrive, where users are tricked into providing login credentials.

With more businesses relying on cloud services, 37% of phishing attacks target cloud-based platforms like Google Drive and Microsoft OneDrive, where users are tricked into providing login credentials. QR Code Phishing: Around 5% of phishing attacks now involve fake QR codes, which users scan to be taken to malicious websites.

The Most Successful Phishing Email Statistics

Bill or invoice 7% Email delivery failure 3% Package delivery 4% Legal or law enforcement message 1.1% Scanned document 0.3%

The most dangerous phishing attacks usually come through emails with attachments, as they often contain harmful files or links. Microsoft Word (39.3%), Microsoft Excel (8.7%), Executable (19.5%), Rich text (14%), and Java archive files (5.6%) are followed by.

Phishing Demographic Statistics By Age

Age Group

(years) Click on phishing emails Did not click on phishing emails Don’t Know Don’t know what a phishing email is 18-30 19% 68.0% 9% 4% 31-40 32% 54.0% 10% 4% 41-50 29.0% 55.0% 12% 4% 51+ 8.0% 73.0% 115 8%

Phishing Attack Statistics By Country

As of 2024, the United States is the top country for sending the highest number of spam emails, with 8 billion spam emails sent every day.

France sends 7.3 billion spam emails every day, ranking second.

Meanwhile, Germany and Russia are close, each sending 7.1 billion spam emails daily.

Furthermore, in other countries, spam email spent per day in 2024 is detailed in the table below:

Country Spam Emails Sent Per Day (billions) Canada 7 China 7 Bulgaria 6.9 Romania 6.8 United Kingdom 6.7 Japan 6.5

A Statista report further states that in 2023, Vietnam had the highest rate of phishing attacks, affecting 18.91% of internet users in the country.

In the year studied, Peru ranked second with an attack rate of almost 17%, while Taiwan came in third, having an attack rate of 15.59%.

Furthermore, according to Phishing Statistics, other countries with the most phishing attacks were Lesotho (15.42%), Ecuador (15.29%), Greece (14.97%), Malawi (14.91%), Portugal (14.07%), Sri Lanka (14.04%), and Palestine (13.89%).

Number Of Phishing Attacks Statistics By Industry

The finance and insurance industry experienced 27.8% of all phishing attacks, the highest percentage among all industries, and a huge 393% increase compared to the previous year.

Phishing Statistics further elaborates that in 2024, the other Share of phishing scams by industry vertical are manufacturing (21%), services (15.8%), technology (11%), retail and wholesale (6.2%), government (5.2%), healthcare (4.6%), education (4.4%), and others (4%).

Key Phishing Statistics In The Financial Sector

In 2024, 31% of all phishing attacks globally targeted financial institutions.

Phishing attacks on the financial sector saw a 22% increase from 2023 to 2024.

The average cost of a successful phishing attack on a financial institution is approximately USD 5.5 million.

For larger financial institutions, the cost can exceed USD 25 million for more complex attacks.

Around 65% of phishing attacks in the financial sector involved attempts to steal account credentials.

Almost 40% of phishing attacks on financial institutions in 2024 involved malware.

70% of phishing attacks in the financial sector targeted employees directly.

Around 55% of smaller financial firms reported experiencing at least one phishing attack, with an average loss of USD 500,000 per incident.

Healthcare Phishing Statistics

As mentioned in Phishing Statistics, in 2024, attacks on healthcare organizations increased by 32%.

Approximately 80% of healthcare data breaches involve phishing or social engineering.

The average cost of a phishing attack in the healthcare sector is around USD 9.2 million.

72% of phishing attacks target healthcare employees through email, often impersonating trusted entities like insurance providers, medical supply companies, or internal staff.

In 2024, around 50% of healthcare employees clicked on phishing links, a notable rise from 35% in 2023.

The healthcare industry in the U.S. is estimated to lose more than USD 3.8 billion due to phishing attacks.

60% of phishing attacks in healthcare are linked to ransomware.

Over 30 million patient records were compromised due to phishing attacks targeting healthcare organizations.

Despite the growing threat, 55% of healthcare organizations report needing more email security to combat phishing attacks.

25% of healthcare providers do not use two-factor authentication (2FA).

Attackers caused 25% of healthcare systems to experience prolonged downtime.

Phishing Statistics In The Manufacturing Sector

Almost 80% of manufacturing companies reported experiencing at least one phishing attack in 2024.

Operational disruptions led to 40% of successful phishing attacks in manufacturing.

The average financial loss per phishing incident in the manufacturing sector in 2024 is supposed to be USD 10 million.

In contrast, 30% of manufacturing phishing attacks involved credential theft.

The estimated total global losses in this segment due to phishing will be USD 45 billion.

60% of phishing emails in manufacturing contained Malware.

Similarly, 25% of phishing attacks targeted small to medium-sized manufacturing companies.

North America and Europe remain the most targeted regions, accounting for nearly 65% of all phishing attacks.

Social Media Companies’ Phishing Statistics

According to the Phishing Activity Trends Report from APWG, 42.8% of phishing attacks in Q4 2023 targeted social media platforms.

The total number of phishing attempts against social media platforms globally resulted in 2 billion.

In the first half of 2024, over 20 million social media accounts were compromised through phishing attacks.

There was a 60% increase in phishing attacks aimed at social media platforms.

Social media companies have spent over $100 million on remediation efforts in 2024.

Facebook remains one of the top targets for phishing, with over 30% of social media phishing attacks aimed at its users.

It is expected that by 2024, nearly 50% of social media users will be affected by phishing.

Government Services Phishing Statistics

As of 2024, government services accounted for 15% of all phishing attacks globally.

From 2023 to 2024, the rate of phishing attacks on government platforms rose by 30%.

Over 45,000 phishing incidents specifically targeting government portals were reported by August 2024.

Government agencies globally reported total financial losses of over USD 200 million due to phishing attacks by mid-2024.

On average, it took government agencies 20 days to recover from phishing incidents and restore compromised systems fully.

The U.S. government lost over $50 million in phishing-related fraud.

Around 70% of phishing emails target U.S. government agencies.

Phishing Statistics By Most Targeted Online Industry Sectors

In the first quarter of 2024, around 37.6% of phishing attacks worldwide were aimed at social media platforms, showing how these sites have become major targets for cybercriminals.

The second and third most targeted sectors in the same duration were SaaS/Webmail (21%) and Financial Institutions (9.8%), respectively.

Others are followed by Payment (7.2%), E-commerce/Retail (5.4%), Logistics/Shipping (5%), Telecom (2%), Cryptocurrency (2%), and the rest sectors (10%).

By Top 10 Most Commonly Phished Brands

Microsoft: 38% of phishing attempts targeted Microsoft, making it the most imitated brand.

Google: 11% of phishing attacks were aimed at Google users.

LinkedIn also accounted for 11% of phishing attempts.

Apple: 5% of phishing campaigns imitated Apple.

DHL: 5% of phishing emails involved DHL, often with shipping-related scams.

Amazon: 3% of attacks targeted Amazon users.

Facebook: Represented 2% of phishing attempts.

Roblox holds 2% of attacks targeted at this popular gaming platform.

Wells Fargo also saw 2% of phishing emails directed at its customers.

Airbnb is new to the top 10, with 1% of phishing attacks likely due to seasonal travel.

By Number of Affected Brands Statistics

As mentioned in Phishing Statistics, in March 2024, phishing attacks targeted 301 brands worldwide.

Whereas fewer than 309 brands were attacked in February, and in January, there were 314 brands.

The number of brands and legitimate entities targeted by monthly phishing attacks in 2023 is as follows: January (561), February (549), March (576), April (544), May (521), June (498), July (477), August (499), September (508), October (477), November (442), and December.

By Top Countries Phishing or Scam Hosted the Most

Phishing Statistics states that the United States accounts for 47% of all phishing and scam registrations worldwide.

Country Activity United States 4,897,378 Germany 1,153,818 Canada 498,736 Russia 414,887 United Kingdom 302,767 Netherlands 178,633 France 126,930 Australia 118,734 China 73,543 Singapore 70,921

Top States With the Highest Financial Losses From Phishing In 2024

Phishing Statistics also reports that California leads the U.S. in phishing losses, resulting in USD 650 million, due to its large population and concentration of tech companies.

On the other hand, Texas has seen a significant rise in phishing attacks targeting its energy, healthcare, and financial sectors, resulting in around USD 450 million in financial losses.

Similarly, other financial losses by U.S. states are Florida (USD 400 million), New York (USD 370 million), Illinois (USD 320 million), Georgia (USD 290 million), Pennsylvania (USD 275 million), and Virginia (USD 250 million).

States With The Least Financial Losses From Phishing

Vermont has a smaller population and fewer large businesses, leading to lower phishing activity. By the end of 2024, it was estimated to have lost USD 1.2 million.

Other states with less financial losses are Wyoming (USD 1.5 million), Montana (USD 2 million), North Dakota (USD 2.3 million), and South Dakota (USD 2.5 million).

The Top 10 TLDs Used in Statistics in Phishing Attacks, 2023

Top TLDs Activity .com 4,129,855 .net 739,111 .xyz 590,918 .ru 384,404 com. br 291,498 .online 275,264 .top 272,589 .info 259,632 .site 240,314 .org 218,146

Phishing Scams Targeting Organizations And Consumers

A report published by Bolster identified the top five phishing scams statistics by the number of attacks are login page scams or sensitive data with 2.9 million, gaming scams (281,000), gift card scams (245,862), fake online stores (175,000), and Cryptocurrency (175,039).

On the other hand, other identified phishing scams by the number of attacks are tech support (133,639), banking (120,362), app store (96,781), promo code (68,260), streaming (44,286), social media (34,574), hacked site (33,574), gambling (30,071), adult (16,138), drug (12,083), crypto giveaway (10,941), contact (6,438), and marketplace (4,528).

Phishing Statistics By Global Cost Of Phishing Attacks

As of 2024, the estimated global financial losses from phishing attacks are estimated at USD 17.4 billion.

From 2023 to 2024, the overall cost of phishing has increased by 45%.

The average annual cost to a company due to phishing attacks is USD 1.1 million.

Meanwhile, the cost of large-scale phishing attacks on multinational corporations will account for USD 15 million.

The estimated cost incurred for each successful phishing email will be USD 150 to 500.

Phishing Statistics also reported that around 60% of SMEs hit by phishing attacks close within six months of an attack due to the financial burden and reputational damage.

Similarly, the cost of a phishing attack on an SME turned out to be USD 100,000 to 300,000.

In 2024, 30% of the total cost of phishing attacks goes toward remediation efforts, including patching vulnerabilities, resetting passwords, and improving security infrastructure.

45% of costs are related to business disruption, including downtime, loss of productivity, and resource diversion.

Legal fees make up 10% of the total phishing attack cost, coming from fines by regulators or lawsuits from customers who are affected, leading to additional financial burdens for companies involved.

Reputational damage accounts for 15% of the total cost of phishing attacks.

Business Impact Of Phishing Attacks Statistics

Phishing consequences Share of security leaders who experienced it Lost/stolen data 60% Compromised credentials and accounts 50% Ransomware 45% Other Malware 30% Direct financial loss 20%

Number Of Global Phishing Sites Statistics

Phishing Statistics show that in the first quarter of 2024, more than 963,994 phishing websites were found around the world, which is a small drop from 1,077,501 in 2023.

Moreover, the quarterly total number of unique phishing sites detected globally in 2023 is Q1 (1,624,144), Q2 (1,286,208), Q3 (999,956), and Q4 (1,077,501).

Global Firms Experiencing Material Loss of Sensitive Information 2024 By Country

According to a February 2024 survey of Chief Information Security Officers (CISOs) worldwide, 77% of South Korean organizations have experienced a loss of sensitive information.

Meanwhile, Share of organizations worldwide that have experienced a loss of sensitive information by country are Canada (61%), France (58%), Germany (57%), Sweden (54%), United States (52%), Spain (46%), worldwide (46%), Netherlands (45%), United Arab Emirates (45%), Brazil (40%), United Kingdom (39%), Australia (39%), Japan (34%), Singapore (32%), Saudi Arabia (31%) and Italy (27%).

Conclusion

This article on Phishing Statistics stated that phishing attacks are becoming more common and more costly for people and businesses. These attacks use fake emails, websites, and messages to trick people into sharing personal information like passwords, bank details, and other sensitive data. The damage from phishing includes financial losses, business disruptions, and identity theft.

Organizations and governments are putting more effort into protecting against phishing by improving security systems and raising awareness. However, the problem continues to grow, with increasing numbers of attacks targeting both businesses and public services. Phishing remains a serious threat that needs constant attention.

FAQ . What is phishing?



Phishing is a type of online scam in which criminals try to steal personal information such as passwords, credit card numbers, or social security numbers. How can I protect myself from phishing?



Avoid clicking on strange links or files in emails or messages.

Always check the sender’s email closely.

Use two-factor authentication for online accounts.

Report phishing attempts to authorities or your email provider. What happens if I fall for a phishing attack?



If you fall for a phishing scam, someone may steal your personal or financial information, which can cause identity theft or money loss, so change passwords, report it, and watch your accounts closely. How fast are phishing attacks growing?



Phishing attacks are increasing by about 30% every year due to the growth of online services and the spread of digital scams.

