A phishing scam is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. Scammers send emails or SMS messages, pretending to be a trusted entity like a financial institution or an online payment service. As phishing messages become increasingly sophisticated, many organisations and individuals are still falling prey to this pervasive scam despite growing awareness. Below are the 27 phishing statistics you probably didn’t hear about which clearly constitute how serious this threat is in the cyber world.

1. Between the years 2019 and 2020, the number of organisations that faced a successful phishing scam increased from 55% to 57%.

2. Nearly 1.5 million new phishing sites are created each month.

3. In April 2020, Google blocked 18 million daily malware and phishing emails related to Coronavirus.

4. SaaS and webmail services accounted for 34.7% of phishing attacks internationally during the first quarter of 2021.

5. Phishing attacks account for more than 80% of reported security incidents in 2020.

6. An analysis of more than 55 million emails shows that 1 in every 99 emails is a phishing attack.

7. Microsoft is the most impersonated company internationally when it comes to brand phishing attacks, holding the majority with 43%, followed by DHL (18%), LinkedIn (6%), and Amazon (5%).

8. In a survey in which 2000 experts in the US and UK were asked about mistakes they have made at work, 47% of respondents cited distraction as the top reason for falling for a phishing scam.

9. 95% of all attacks on enterprise networks are the result of successful spear phishing.

10. LinkedIn phishing messages make up 47% of social media phishing attempts, making faux LinkedIn messages by far the most common social media phishing subject.

11. 8 in 1 employees shares the information to phishing websites.

12. During the third quarter of 2020, the most common types of malicious files attached to phishing emails were as follows: Windows executables (74%), script files (11%), office documents (5%), compressed archives (4%), and PDF documents (2%).

13. Among 410000 simulated phishing emails to target users, 50.42% of phishing messages were opened by the target, 32.09% went on to click the malicious attachment or link.

14. There were more than 11 times as many phishing complaints in 2020 compared to 2016.

15. 96% of phishing attacks arrive by email where another 3% are carried out through malicious websites and just 1% via phone.

16. Stripe, a popular payment processor, witnessed 1267% growth in phishing targeting in September and October 2018. The same report also reveals that BNP Paribas saw 800% growth, Capital One saw 333% growth, and HSBC saw 320% growth, and Adobe witnessed a 305% increase in the volume of phishing attacks.

17. Google has registered 2145013 phishing sites as of January 17, 2021. This is up from 1690000 on January 19, 2020 (up 27% over 12 months).

18. 97% of users cannot identify a sophisticated phishing email.

19. In 2018, Google and Facebook lost $100 million as a result of an email phishing scheme.

20. 65% of attacker groups used spear-phishing as the primary infection vector.

21. 48% of malicious email attachments are office files.

22. In a survey of more than 600 IT security professionals and 3500 working adults, about 60% of respondents said their organization faced fewer or about the same number of phishing attacks in 2019 compared to 2018.

23. Spain was the most targeted country by spam and phishing during the third quarter of 2020, with 7.76% of the total, followed by Germany with 7.05% and Russia with 5.87%.

24. 93% of organisations measure the cost of phishing attacks in some capacity. Only 60% of these organisations provide formal cybersecurity education to their users.

25. In 2020, phishing and accidental release of information accounted for 26% of all breaches, after hacking (68%).

26. In the third quarter of 2020, the most popular top-level domain with phishers was .com with 40.09% of the total number of top-level domains used in attacks, followed by .xyz with 5.84%, .net with 3.00%, and .ru with 2.93%.

27. The online store category received the most phishing attacks with 19.22% of all phishing attacks, followed by web portals (14.48%) and banking organisations (10.89%).