38.2% of cyberattacks in the U.S. are caused by phishing.
In 2021, there were 847,376 cyberattacks in the U.S., of which 323,972 were phishing attacks, including vishing, smishing, and pharming.
Percentage of Phishing Attacks in the U.S. by Years
| Year | Number of Cyberattacks | Number of Phishing Attacks (including vishing, smishing and pharming) | Percentage of Phishing Attacks, % |
| 2017 | 301,580 | 25,344 | 8.4% |
| 2018 | 351,937 | 26,379 | 7.5% |
| 2019 | 467,361 | 114,702 | 24.5% |
| 2020 | 791,790 | 241,342 | 30.5% |
| 2021 | 847,376 | 323,972 | 38.2% |
The number of phishing attacks in the U.S. increased from 25,344 in 2017 to 323,972 in 2021.
(Source: FBI IC3)
This is more than a 1000% increase in the number of phishing attacks over 5 years. And it’s not just the United States seeing this dramatic increase. Phishing attacks occur all over the world, and both companies and individuals are victims.
General Phishing Scam Statistics
There are nearly 75 times more phishing sites on the net than malware sites.
(Source: Cloud Security Alliance)
The numbers show that people and organizations need to be vigilant of the sites they open and the content they agree to read on. So before opening a page or content on a site, check if the page has been corrupted.
Every 20 seconds, a new phishing site is built on the Internet.
(Source: Dataprot)
The speed at which new phishing sites are created is unimaginable. There are so many of them that there is a need for a better data protection system to identify them before they even start functioning.
A shocking number of people – 70% open phishing emails.
(Source: Dataprot)
Many people need help to recognize a scam. Nowadays, phishing emails are more sophisticated and can deceive even a skillful user.
Users from 25 – 44 years are the most common target of phishing attacks, according to TCSEW.
(Source: ons.gov.uk)
The Telephone-operated Crime Survey of England and Wales compiled the results and discovered that young adults and middle-aged adults are the main targets of phishing attacks. With the recent surge in online shopping due to the pandemic, fraudsters have taken advantage of behavioral changes.
In the first three months of 2022, there were 1,025,968 phishing attacks.
(Source: HelpNetSecurity)
Statistics show the massive attacks on the Internet on individuals and organizations. Paying attention and having a solid data protection provider is all that can be done to defend from those attacks.
Phishing Attacks Frequency Statistics
IBM’s 2021 research showed that phishing attacks rose by 2% between 2019 and 2020.
(Source: Egress)
The research shows an increase in phishing attacks, and COVID -19 is partly to blame. So many things have changed in the past couple of years with the digitalization of almost all industries, giving attackers more targets to prey upon.
CISCO’s report in 2021 proved that 86% of organizations had at least one employee clicking a phishing link.
(Source: Egress)
The report states that in 2021, most organizations were targeted by hackers. Training employees about scams, cyber-attacks, and phishing can prevent many security breaches.
According to the FBI, phishing was the third most frequent type of scam reported, no matter the firm’s size, industry, or place.
(Source: Clearedin)
According to phishing facts, compared to other cyber attacks, phishing is relatively easy. Phishers do not need to try to infiltrate a system or find infrastructure vulnerabilities; they target the weakest chain in a company – its workers.
1,970,811 phishing attacks were recorded from April to June 2022.
(Source: Phishing activity trends reports)
There is an increase from Q1 to Q2 in 2022. The report shows that the numbers keep going up.
Statistics of Different Types of Phishing Attacks
A recent study in 2022 showed that loaders were responsible for more than half of all phishing attacks.
(Comparitech)
Conference discovered in their Q1 2022 phishing review that loaders are the most sought-after tools for phishing, surpassing information stealers and keyloggers.
In the first three months of 2022, it was noted that nearly 59% of all malicious emails were credential theft phishing against organization users – a 7% increase.
(Source: HelpNetSecurity)
These attacks can be hard to spot because the emails often do not show any signs of malicious intent.
Almost two-thirds of all known cyber attack groups use spear phishing emails, and 96% of targeted attacks are done for intelligence gathering.
(Source: Comparitech)
It is known that spear phishing attacks use personalized messages to target persons. The numbers show that spear phishing has advanced over time, and it is finding new topics to lure targets to give out sensitive information.
3% of phishing attacks come through malicious websites and 1% from mobiles.
(Source: Tessian)
96% of phishing attacks come from the mail, but it should be remembered that even 3% is a large number that comes from corrupted sites. As we can see, there is a threat even via phone.
Cost of Phishing Attacks
In 2021 it was estimated by RiskIQ that businesses on a global scale lose $1,797,945 a minute because of cybercrime.
(Source: Tessian)
So, according to this research, the average breach costs a firm $7.2 a minute. It is a large number that is lost daily by companies. That is why companies must have a secure data protection provider.
Midpoint $4.37 million is the cost of a data breach where compromised credentials were used.
(Source: Tessian)
This was estimated to be the fifth most expensive data breach.
A Data Version Investigation report claims that in the six months following the data breach, businesses saw their stock drop by 5%.
(Data Version Investigation report, Tessian)
The collected data shows an enormous impact on the performance of the companies after a data breach which results in a stock drop and a substantial financial cost.
Cybercrime is predicted to cost victims $6 trillion yearly by 2021.
(Source: Dataprot)
Due to the enormous increase in cybercrime attacks, organizations must search for the best way to protect their data and find the best cyber protection providers.
$1 trillion was predicted for spending on cybersecurity products and services from 2017-2021.
(Source: Embroker)
By having a data response breach plan, the firm will be prepared for the unfortunate event when a breach does happen. A risk management strategy will help lower the financial consequences of a hacker attack.
Statistics of Phishing Attacks on Business
Phishing attacks are responsible for 90% of corporate security breaches.
(Source: Dataprot)
Phishing attacks remain a considerable security concern for companies. Although many companies spend money to make their IT systems safe, those systems are only as robust as their users.
42% of employees admitted to taking dangerous actions online, placing themselves at risk for a phishing attack.
(Source: Cybertalk)
These actions included clicking on unknown links, downloading files from untrustworthy sources, or exposing personal data carelessly.
On average, mid-sized businesses lose $1.6 million if they become victims of spear phishing.
(Dataprot)
If you consider the steady growth in internet phishing attacks since 2017, the Phishing and wire fraud statistics suggest that this is a number that very few can afford.
The three most regular types of attacks on small businesses are 57% phishing/social engineering, 33% compromised/stolen devices, and 30% credential theft.
(Source: Embroker)
By comprehending the hackers’ goals and ramifications, as a company, you must reduce the probability, obtain value in the cybersecurity endeavors and even avert future strikes.
Statistics of Phishing Attacks by Industry
In the first quarter of 2022, 23.6% of all phishing attacks targeted financial institutions globally.
(Source: Statista)
Unsurprisingly, the financial industry is the most targeted industry by phishing attacks. There is valuable information that can be gathered and used for lucrative purposes to benefit the hackers.
Most Targeted Industries by Phishing Attacks In the First Quarter of 2022
| Industry | Percentage of the Phishing Attacks (Worldwide), % |
| Financial | 23.6% |
| SaaS/Webmail | 20.5% |
| E-commerce/retail | 14.6% |
| Other industries | 13.4% |
| Social media | 12.5% |
| Cryptocurrency | 6.6% |
| Payment | 5% |
| Logistics/Shipping | 3.8% |
Conclusion
You cannot always prevent hackers from phishing or spear-phishing you or your company, but you can prepare for it when it happens. The first logical step needs to be to train the employees. Remind workers of the critical characteristics of a phishing email so they are more scrupulous in inspecting emails, attachments, and links before taking further action. The next step in cyber protection should be investing in a solid data protection provider because antivirus software and filter spams are no longer effective.
FAQ’s
How many phishing attacks in 2022?
According to research by APWG, there were 1,025,968 observed attacks in the first three months of 2022. Last year 83% of organizations reported experiencing phishing attacks, and this year the number is expected to rise to six billion total attacks. That is more than double the number of unique websites identified last year!
What percentage of phishing attacks are successful?
Around 60% of security leaders said that their organization faced data loss, 52% stated credential compromise, and 47% contended with ransomware because of successful phishing attacks. However, phishing attacks are easy to commit but more complex to prevent. According to corporate statistics, 90% of all recorded instances of these types of attacks include companies’ compromised credentials.
What is the average lifetime of phishing?
According to an observation of current data, it was concluded that hosted phishing pages become not active faster than others. 25% of the pages lasted no more than eight hours, and only 12.3% of all pages stayed active after thirty days.
