{"id":91,"date":"2023-04-10T10:20:21","date_gmt":"2023-04-10T10:20:21","guid":{"rendered":"https:\/\/dataprot.net\/?p=91"},"modified":"2023-07-14T06:44:33","modified_gmt":"2023-07-14T06:44:33","slug":"phishing-statistics","status":"publish","type":"post","link":"https:\/\/dataprot.net\/statistics\/phishing-statistics\/","title":{"rendered":"Phishing Statistics & How to Avoid Taking the Bait"},"content":{"rendered":"\n
Do you recognize the sender\u2019s company name? Is it spelled right? Do you know the sender?<\/p>\n\n\n\n
We aren\u2019t accustomed to thinking of email messages as dangerous. But experts say we should be paranoid about our inboxes. Spear phishers are after us. <\/p>\n\n\n\n
Phishing attacks are innocent-looking emails, pop-ups, ads, and company communications that tempt you to click so they can install spyware<\/a>, viruses, and other malware on your computer or phone<\/a>.<\/p>\n\n\n\n These phishing statistics will show you how pervasive and damaging these attacks can be.<\/p>\n\n\n\n You\u2019re right to be paranoid. They are out to get you.<\/p>\n\n\n\n It means a cybercriminal thinks of you as a doorway to valuable data. Hackers send an innocent-looking message and hope that with a single click, you\u2019ll launch a script or app that steals data from your system or infiltrates your corporate network.<\/p>\n\n\n\n Whether you are an online shopper<\/a> or own a small business, you may be a hacker\u2019s next target. There are many kinds of phishing attacks. Here are a half-dozen of the most common.<\/p>\n\n\n\n Here are some eye-opening cyber security facts<\/a> that could keep you awake at night.<\/p>\n\n\n\n Considering the speedy rise of phishing attacks on businesses and organizations and the hazardous damage it does, enough awareness of phishing growth statistics must be carried out to curtail this increase. <\/p>\n\n\n\n (Verizon)<\/p>\n\n\n\n According to Verizon\u2019s 2022 Data Breach Investigation Report, which contains updated statistics on phishing scams, nearly 36% of all reported data breaches in 2022 involved phishing activity.<\/p>\n\n\n\n Researchers found that email fraud was also the primary tool in 78% of cyber-espionage incidents.<\/p>\n\n\n\n (Digital Guardian)<\/p>\n\n\n\n Phishing attacks are easy to mount, but that doesn\u2019t mean stopping them is easy. They remain a significant security risk for most companies.<\/p>\n\n\n\n Corporate phishing statistics show that 90% of phishing attacks include compromised credentials. Companies invest tremendous amounts of capital in securing the IT infrastructure, but in the end, corporate systems are only as secure as corporate users.<\/p>\n\n\n\n (Tech.co)<\/p>\n\n\n\n Statistics on the success of phishing attacks show that hackers have developed highly sophisticated strategies. For example, they register an email domain that reads like the target companies. <\/p>\n\n\n\n Still, they replace, add, or drop a character, such as a zero for the letter O. They create email accounts using the names of real corporate executives. This way, examples of phishing emails they send out seem valid to all but the most careful recipients.<\/p>\n\n\n\n The scheme doesn\u2019t end there. Phishing campaign statistics researchers have found that these websites typically disappear after an average of 40 hours. <\/p>\n\n\n\n Hackers need more time or incentive to maintain them after they serve their purpose, and there\u2019s no time for cybersecurity<\/a> software to find and block them.<\/p>\n\n\n\n (Tech.co)<\/p>\n\n\n\n Business emails can be compromised via phishing attacks, which cost $4.89 million for them to recover from the adverse consequences; compromised credentials of organizations’ data cost $4.5 million, on average, during recovery.<\/p>\n\n\n\n According to FBI phishing statistics, most of the funds generated in worldwide phishing attacks are wired to banks in China and Hong Kong.<\/p>\n\n\n\n (Cloudflare)<\/p>\n\n\n\n AT&T was the most impersonated brand in phishing attacks in 2022. Coming second is Paypal, followed by Microsoft, DHL, and Facebook. According to Cloudflare, its network protects 20% of the global network, and its email security prevented about 2.3 billion unwanted emails from hitting inboxes in 2022.<\/p>\n\n\n\n (IBM)<\/p>\n\n\n\n Globally, cyberattacks rose by 38% in 2022 compared to 2021. Verizon uncovered cybersecurity threats and hacking facts in more than 86 countries worldwide. The Cloud Security Report by Snyk shows that 80% of organizations experienced at least one severe cloud security incident in 2022.\u00a0<\/p>\n\n\n\n According to the IBM Cost of Data Breach<\/a> Report 2022, 83% of organizations studied suffered more than one data breach. <\/p>\n\n\n\n (Statista)<\/p>\n\n\n\n In the first quarter of 2022, financial institutions, with 23.6%, were the top targets of phishing attacks, followed by web-based software services and webmail, accounting for 20.5% of phishing attacks.<\/p>\n\n\n\n Spear phishing statistics show that software-as-a-service users and webmail service companies remain the biggest targets for phishing software scams. Phishers harvest credentials at email servers to help them make their fraudulent emails more convincing when they attack SaaS companies.<\/p>\n\n\n\n (IBM)<\/p>\n\n\n\n Cybersecurity Incident Response Plan or CSIRP helps in remediating cyberattacks on companies. It consists of plans companies should do in case of a data breach or cyberattack. Companies can better understand how to handle attacks when applied and tested consistently. <\/p>\n\n\n\n Even though studies regularly report on recent phishing attacks and emphasize that fast response can help contain and minimize the damage, shortfalls in proper cybersecurity protection have remained consistent over the past four years.<\/p>\n\n\n\n (Get Astra)<\/p>\n\n\n\n Phishing email statistics show that nearly 1.2% of emails are malicious. The implication of this is that 3.4 billion phishing emails are sent daily. Thus, 1 out of 4,200 emails sent is a phishing scam email.<\/p>\n\n\n\n (IBM)<\/p>\n\n\n\n Statistics of phishing scams reveal that cyber attacks are an increasingly severe risk for organizations, but many senior staffers seem to believe that their organizations won\u2019t be targeted.<\/p>\n\n\n\n Why? Some say their organizations are too small to appear on hackers\u2019 radars. Some say they don\u2019t have anything worth attacking. The truth is, neither of these is a deterrent. Cybercriminals are indiscriminate when selecting targets.<\/p>\n\n\n\n This is why IBM statistics show that it takes companies 277 days to detect a data breach in their organizations and 75 days to contain it. An average breach cycle takes 287 days.<\/p>\n\n\n\n Disparate phishing attack techniques efficiently obtain personal and corporate information from victims. As technology advances, cybercriminals\u2019 techniques evolve<\/a> along with them. <\/p>\n\n\n\n Email security filters effectively ensure that spam messages never reach the inbox. But they have little or no effect when it comes to blocking phishing. The messages bypass security filters and target simple human curiosity – as seen in these scary phishing statistics.<\/p>\n\n\n\n (EFT Sure)<\/p>\n\n\n\n Scammers that send malicious email attachments send them in various forms, such as Word documents, PowerPoint presentations, or Excel spreadsheets. Using Microsoft Office formats to seem more genuine, thus increasing open rates; that is why about 48% of malicious email attachments are Microsoft Office Files.<\/p>\n\n\n\n (Key Factor)<\/p>\n\n\n\n PhishLabs reported that in the second quarter of 2021, 83% of phishing sites used Domain Validated (DV) SSL Certificates\u2014a significant increase to today. How does phishing work? It plays on trust. And nothing says trustworthy like a URL that begins with HTTPS.<\/p>\n\n\n\n More to the point, nothing says not-<\/em>trustworthy like a Google Chrome warning page that says \u201cNot Secure\u201d and requires a second click before you visit a non-SSL site. Phishing statistics keep increasing because hackers better impersonate legitimate communications and websites.<\/p>\n\n\n\n (Digital Information World)<\/p>\n\n\n\n Cybercriminals know that compromising a user\u2019s identity and credentials is the best way to access bank accounts, personal information, and corporate data. That\u2019s the avenue that accounts for the most famous social engineering attacks and the most promising avenue for future phishing.<\/p>\n\n\n\n According to phishing attack statistics, credential harvesting has become the base of most cyber attacks. The use of stolen data varies from case to case.<\/p>\n\n\n\n Some fraudsters use the data for subsequent attacks where the goal is to gain access to more extensive systems or networks. Some monetize them by taking over bank accounts or simply selling them on the dark web<\/p>\n\n\n\n (Egress)<\/p>\n\n\n\n Verizon\u2019s 2021 DBIR Master Guide stated that in 2021, 11% of phishing emails contained malware, while 22% contained hacks.<\/p>\n\n\n\n This type of attack is the most common by far. Identity theft phishing statistics reveal that the purpose of these attacks is usually to hijack one\u2019s device, steal data, launch a DDoS attack, or commit fraud.<\/p>\n\n\n\n What makes malware so harmful? The answer is that it comes in many variations and spreads incredibly quickly. All fraudsters need is a single click on a malicious link, and the whole organization is compromised.<\/p>\n\n\n\n (AAG IT Services)<\/p>\n\n\n\n According to the FBI’s 2021 IC3 Report, there were 300,497 reports from phishing victims in the U.S., with business email compromise attacks costing U.S. victims more than $2.7 billion.<\/p>\n\n\n\n (Statista)<\/p>\n\n\n\n Phishing attack statistics show that medical centers are very vulnerable to cyberattacks. Hackers know that medical institutions must promptly address security breaches because people\u2019s lives and sensitive medical data are on the line.<\/p>\n\n\n\n The U.S. Internet Crime Complaint Center (IC3) received 210 complaints indicating ransomware attacks on healthcare organizations worldwide in 2022. The second most victimized sector was the manufacturing industry, followed by Government facilities.<\/p>\n\n\n\n The general phishing statistics outlined below show how fast new phishing sites are created, the open rate of phishing emails, and the different types of phishing attacks as of 2023.<\/p>\n\n\n\n (Get Astra)<\/p>\n\n\n\n Those attacks, more and more often, target smartphones<\/a>. \u201cUsers on a mobile device are 18 times more likely to be exposed to phishing than malware,\u201d says Dr. Michael J. Covington, product VP at mobile security vendor Wandera.<\/p>\n\n\n\n Recent phishing statistics show that mobile phishing is relentless within enterprise networks, and experts don\u2019t expect this to change any time soon. Unsuspecting victims are encouraged by tempting phishing strategies and continue to click links or run files with malicious code.<\/p>\n\n\n\n (N-able)<\/p>\n\n\n\n Despite the ever-evolving sophistication with which phishing scammers innovate, phishing strategies can never be 100% successful. They are close. However, phishing stats show that spear-phishing emails work because they are believable. More often than not, the user on the receiving end doesn\u2019t know what to watch out for.<\/p>\n\n\n\nKey Phishing Statistics for 2023<\/strong><\/h2>\n\n\n\n
\n
What does phishing mean? <\/strong><\/h3>\n\n\n\n
Types of Phishing<\/strong><\/h3>\n\n\n\n
\n
\n
\n
\n
\n
\n
Phishing Growth Trends: Businesses and Organizations<\/strong><\/h3>\n\n\n\n
1. Nearly one-third (36%) of all data breaches in 2022 involved phishing.<\/strong><\/h4>\n\n\n\n
2. Phishing attacks result from 90% of corporate security breaches.<\/strong><\/h4>\n\n\n\n
3. The costliest attack costs an average of $4.9 million to recover from a phishing attack. <\/strong><\/h4>\n\n\n\n
4. Compromised business email cost companies $4.89 million in 2022.<\/strong><\/h4>\n\n\n\n
5. AT&T Inc. was cybercriminals’ most frequently impersonated brand in 2022.<\/strong><\/h4>\n\n\n\n
6. 83% of businesses and organizations studied have suffered more than one breach.<\/strong><\/h4>\n\n\n\n
7. Financial institutions were the most frequent targets of phishing attacks in 2022.<\/strong><\/h4>\n\n\n\n
8. Only 26% of organizations have a response plan for cybersecurity incidents like phishing.<\/strong><\/h4>\n\n\n\n
9. Over 3.4 billion phishing emails are sent daily.<\/strong><\/h4>\n\n\n\n
10. It takes over 9 months for companies to detect a data breach in 2022.<\/strong><\/h4>\n\n\n\n
Phishing Methods by the Numbers for 2023<\/strong><\/h3>\n\n\n\n
11. 48% of malicious email attachments were Microsoft Office Files in 2022.<\/strong><\/h4>\n\n\n\n
12. 90.5% of phishing sites use SSL certificates.<\/strong><\/h4>\n\n\n\n
13. About 76% of the phishing attacks were credential-harvesting in 2022.<\/strong><\/h4>\n\n\n\n
14. 11% of phishing attacks contain links to malware.<\/strong><\/h4>\n\n\n\n
15. Phishing accounts for 22% of all data breaches in 2021.<\/strong><\/h4>\n\n\n\n
16. Healthcare organizations were the most targeted sector of <\/strong>ransomware attacks<\/strong><\/a> in 2022.<\/strong><\/h4>\n\n\n\n
Phishing: General Statistics for 2023<\/strong><\/h3>\n\n\n\n
17. A new phishing site is created every 11 seconds.<\/strong><\/h4>\n\n\n\n
18. Phishing targets open 70% of phishing emails they receive.<\/strong><\/h4>\n\n\n\n