A staggering 3.4 billion phishing emails are sent out daily worldwide.
Employees receive an average of 14 malicious emails each year. Phishing emails are the cause of 96% of all phishing attacks and the start of 91% of all cyberattacks.
Most people believe that phishing emails are not a big deal and that they can easily spot them. However, this is not always the case. Phishing emails are becoming increasingly sophisticated, and it is becoming harder to spot them. A phishing email is one of the most common ways people’s personal information is stolen. This can lead to identity theft, financial loss, and even damage your reputation.
Read this article below for the latest phishing email statistics to understand the extent of the problem and learn how to avoid phishing attacks.
Phishing Email Statistics
91% of cyberattacks start with a phishing email.
(Source: Deloitte)
There are a lot of things that go into making a website secure, but one of the most important things is to make sure that your email system is secure. Unfortunately, many cyber attacks begin with a phishing email to an unsuspecting victim.
34.7% of phishing attempts were targeted toward webmail and SaaS users.
(Source: Expert insights)
Even though we do not think of them as such, email messages can be dangerous. According to experts, we should vary our inboxes because there might be a phishing email hiding in plain sight.
A large majority of social media phishing attempts, 47%, target Linkedin users.
(Source: Expert insights)
Many of those emails promise account reset assistance or new networking opportunities (like when Linkedin tells you that your profile appeared in many searches or that people are looking at your profile). This was most appealing to those who lost their income due to the pandemic.
Global BEC (Business Email Compromise) and EAC (Email Account Compromise) losses exceed $43 billion from 2016-2021.
(Source: Unsecure)
According to the FBI, cybercrime has seen an incredibly high ROI. The most common method of thieving nowadays is still through malicious emails that look completely legitimate.
Gmail’s protection service is so effective that it blocks over 100 million phishing emails daily.
(Source: Earth web)
Today we are more susceptible to phishing attacks than ever because scammers have gotten very good at making their emails look authentic. Even Google’s protection service can not block all of them.
Over half of sent emails are spam.
(Source: AlertLogic)
A staggering amount of spam emails are sent daily – in 2017, the average person received 16 harmful emails every month. That is how many future attacks can be prevented. This means there should be training for every person and employee to recognize emails that are tricking.
A quarter of all emails sent from brands are phishing scams.
(Source: Avanan)
Thrust is the main link between consumers and brands. That is why hackers use that link to convey trust and steal relevant data from consumers. Here are some examples in percentages of how supposed brands sent emails:
- 48% of fake emails are sent in the name of Microsoft
- 38% of fake emails are sent in the name of amazon.com
- 9.7% of fake emails are sent in the name of banking and finance
- 2.5% of fake emails were sent in the name of DHL, FedEx, and UPS
Phishing emails are especially effective on Millenial and Gen Z-ers, with 23% falling for a phishing email scam.
(Source: Earth web)
A typical misconception is that the older generation, who have less experience with new and advanced technologies, are the ones that quickly get scammed online. However, recent data indicates otherwise.
Statistics of Spear Phishing Email
65% of all organized cyber attacks use spear phishing emails, according to the Internet Security Threat Report 2019.
(Source: Comparitech, ISTR)
One noteworthy mention is that the resort observed that these cyber groups compromise operational computers more frequently. If these groups wanted to mount disruptive operations, they now would have the ability to do so.
On average, mid-sized businesses lose $1.6 million if they are caught up in spear phishing.
(Source: Dataprot)
If you can not afford to lose money to phishing or wire fraud, attention is needed, and better cyber security plans need to be strategized and implemented. Phishing attacks have increased a lot since 2017.
90% of all cyberattacks resulted from spear phishing emails in 2012.
(Source: Dataprot)
2012 saw an unprecedented number of spear phishing attacks, and research has shown that hackers have become more creative since then.
Statistics of Opening Phishing Emails
Tessian research showed that the average employee received 14 malicious emails throughout the year.
(Source: Tessian)
The retail industry was one of the worst affected, with workers receiving an average of 49 phishing emails.
| Industry | Number of Malicious Emails Per Employee |
| Retail | 49 |
| Manufacturing | 31 |
| Food and beverage industry | 22 |
| Research and development industry | 16 |
| Tech | 14 |
Young adults aged 25 are more susceptible to phishing scams, almost more than twice that of persons over 55 years.
(Source: Itgovernance)
The numbers show that more young people tend to fall for scams nowadays than older people. Nevertheless, there is also truth in the belief that younger people browse the internet more than older people. It is not just the fact of the volume usage of the internet; there is also the problem with not reading the entire content sent for confirmation.
97% of users are unable to identify a phishing scam.
(Source: Clearedin)
No matter how much training employees have, they can be victims of phishing scams. The phishing scams use different techniques now than the ‘ QR codes for a discount,’ on which many have fallen. These days hackers use more evolved and sophisticated methods of scamming that even skilled internet users can fall into their trap.
45% of employees that clicked on a phishing email said it was because they were distracted.
(Source: Statista)
According to a survey by Statista in 2020, most respondents said they were distracted, which is why they got scammed. Here are the other reasons that employees gave the question why they clicked on phishing emails:
- 43% of the respondents answered that the email looked legitimate
- 41% of the respondents answered that an official person supposedly sent the email from their company
- 40% of the respondents answered that a respected brand sent the mail
- 37% of the respondents answered that they have been tired
- 29% of the respondents answered that they were not paying enough attention
Conclusion
While the internet has made many aspects of our lives more convenient, it also opened the door for scams, as the statistics show. To keep yourself and your business safe, look for phishing protection software.
Fortunately, companies can use DMARC to defend against spoofed emails. These email protocols ensure that only authorized senders can use the domain to send emails, preventing spam emails from being sent. Further, it contains reporting functions so that organizations can continually monitor and improve their protection measures.
FAQ’s
What percentage of emails are phishing?
In 2020, Fortinet discovered that 74% of phishing emails were credential-themed messages designed to steal personal information. Of the phishing emails sent by TrendMicro, 42% were phishing, and 3% were business emails compromising phishes.
Phishing emails are now one of the most popular ways for ransomware to enter a system. Suppose potential threat actors can send out phishing emails while scanning for known-vulnerable services and credential stuffing, their likelihood of success skyrockets. Essentially, ransomware from phishing has become another tool for attackers in the big picture of defensive security.
How many phishing emails are sent each year?
A staggering 3.4 billion phishing emails are sent out daily worldwide. More than a trillion phishing emails are sent by cyber attackers each year; that is downright massive. Since the amount of email people send daily is increasing, so is the number of phishing emails and spam. The most common way people become victims of this threat is by receiving emails. These emails usually request the victim to log in to a site using credentials or click to confirm an account.
