20 Phishing Statistics Small Businesses Should Know


phishing statistics

Phishing attacks are growing. And the latest phishing statistics prove this point. To help you stay informed about the current phishing threats, we have collected the key phishing attack statistics below.

Let’s dive in:

What Is a Phishing Attack?

A phishing attack is a social engineering attack in which an attacker pretending to be a trusted person or entity tricks a user into revealing confidential information or installing a malware program on the user’s computer.

In phishing attacks, which are 53% of total social attacks, threat actors often contact users via social media messages, emails, phone calls, or text messages.

Social Media Phishing Statistics

With social media users growing exponentially, cyber attackers are increasingly using social media for phishing attacks.

Here are important social media phishing statistics to consider:

1. Social media contributed to around 12% of total phishing attacks in 2021.

Though email is the top attack vector for phishing attempts, hackers are now turning to social media to run phishing campaigns. So training your employees on social media phishing scams should be on the top of your cyber security priority list.

2. 74% of companies experienced social media attacks in 2021.

Hackers are increasingly using social media to attack companies. Therefore, you must implement a strict cybersecurity policy for social media usage in your company. Also, you should encourage your employees to avoid clicking phishing messages and phishing links in posts.

3. 47% of social media users see more spam in their feeds.

Social media is becoming a favorite place for hackers to carry out cyber attacks. To avoid becoming a victim of social media phishing, you should:

  • Avoid clicking random links in messages
  • Ask yourself if someone would genuinely contact you this way on social media
  • Call the number of the person or organization to check the authenticity
  • Never share confidential details on social media

4. 52% of all phishing attacks globally targeted LinkedIn in Q1,2022.

LinkedIn is becoming a popular platform for hackers. According to a Check Point study, this ever-popular social networking platform experienced more than half of phishing attacks globally.

5. LinkedIn phishing messages make up 47% of social media phishing attacks.

LinkedIn phishing messages are rising. Hackers attempt to steal a user’s LinkedIn account information in such an email. And the stolen credentials are often used to commit other cyber crimes.

Phishing Email Statistics

Look at these recent phishing statistics to know how email plays a critical role in cyber attacks.

6. Spear phishing emails are the most popular phishing attack vector.

The number of targeted attacks is increasing. In fact, 65% of hacker groups use spear phishing as the primary infection vector. In spear phishing attacks, hackers gather company background information to exploit the human element. So the best way to fight these spear phishing attacks is to be aware of these attacks.

7. 83% of organizations faced a successful phishing attack (email-based) in 2021.

Around 8 in 10 companies experienced email phishing. With the help of the latest email analysis and detection tools, you can identify and detect many forms of email fraud, including business email compromise (BEC) attacks.

8. 18% of clicked phishing emails come from a mobile device.

With more and more people using mobile devices to open emails, it is no surprise that 18% of phishing emails are clicked on mobile phones. One way to defend against mobile phishing is to be critical of the apps you install.

Here are additional emails phishing stats from Global Phish Report:

9. 1 of every 99 emails is a phishing attack.

1% of all emails you receive are phishing attacks, using malicious links and attachments as the primary infection vector. What’s worse, 25% of phishing emails bypass Office 365 security.

10. 98% of emails containing a crypto wallet address are phishing.

Malicious emails are a leading cause of phishing. Most emails having crypto wallets are phishing. And 1 in 3 emails containing a link to a WordPress website is phishing.

So it is imperative to use a secure email gateway to block malicious links and malicious attachments.

Website Phishing Scams Statistics

Online fraud incidents and phishing attempts are a huge threat to businesses and individuals today. In order to protect your valuable data from any data breach incident and keep your credentials safe, you should be aware of the danger phishing poses.

Here are some key phishing facts you should know:

11. More than 1 million unique phishing sites were detected in H1 2021.

According to the data from Atlas VPN, there were 1,228,816 unique phishing websites in H1 2021.

12. 51% of phishing websites use .com as a top-level domain.

Around half of the phishing websites have .com as a top-level domain, making it a bit difficult to spot a phishing site.

13. 29% of phishing sites use a brand name in the domain.

Branding phishing is growing. Around 3 in 10 phishing websites include a brand name in the domain. To spot a brand phishing website, you should check the spelling carefully. Most phishing attacks of this type use wrong spelling in URLs.

14. Facebook and Google lost millions of dollars in fraudulent invoices.

Evaldas Rimasauskas emailed fake invoices worth more than 100 million dollars to tech giants.

15. Brazil was the country most targeted by phishing attacks worldwide in 2021.

Brazil topped the list of countries most targeted by phishing attacks in 2021. France ranked second, followed by Portugal.

Financial Costs of Phishing Attacks

Successful phishing attacks can lead to data breaches, ransomware attacks, or other security incidents. So, needless to say, phishing attacks can cost you dearly.

Here are key findings from The Ponemon Cost of Phishing Study to help you learn about the financial loss a successful phishing attack can cause:

16. The average annual cost of phishing is $14.8 million.

Phishing attacks are one of the biggest security threats businesses are facing today. As the Ponemon report states, successful phishing attacks result in the loss of millions of dollars.

So you should implement the latest security solutions like spam filters and train your employees to detect phishing messages and malicious email attachments.

17. Employee phishing awareness training can reduce the total average cost of phishing by 53%.

The best way to protect yourself from phishing or other social engineering attacks is to go through cybersecurity awareness training.

Get your team trained by security professionals in spotting phishing emails, phishing websites, and malware threats. Doing so can significantly reduce the cost of a phishing attempt.

18. The average cost of employee productivity losses due to phishing attacks touched $3.2 million annually in 2021.

Phishing attacks decrease employee productivity. Each employee spends an average of 7 hours annually viewing and possibly responding to phishing emails.

19. Total average cost of malware attacks caused by phishing reached $807,506 in 2021.

Phishing causes an average of 15% of an organization’s malware infections. And the average cost of malware attacks caused by phishing is huge. So you should proactively prevent phishing attacks.

20- The average cost of credential compromises caused by phishing touched $692,531 in 2021.

When there are compromised credentials, businesses spend tech time investigating and responding to compromises. And tech time costs money, let alone the implications of compromised credentials.

What Percentage of People Get Phished?

Phishing is one of the most effective social engineering tactics. 20% of recipients click the phishing link. And 13% of recipients submit their credentials on phishing sites.

How Many Phishing Attacks Were There in 2021?

Phishing attacks are increasing. According to Dark Reading research, 69% of companies faced at least one phishing attack over the previous 12 months in 2021. There were 316,747 phishing attacks in December 2021.

Which Industry Has the Highest Click Rates for Phishing?

As of Q1 2022, the financial industry is the most targeted by phishing attacks, followed by SaaS/Webmail and retail/E-commerce. 23.6% of phishing attacks targeted the financial industry worldwide.

Image: Envato Elements


More in: Comment ▼

Sandeep Babu Sandeep Babu is a cybersecurity writer. He writes about malware, data security, privacy, and other cybersecurity topics for SBT and other reputed platforms.

Comments are closed.