Phishing Statistics Every Information Security Manager Should Know

By Mike Polatsek
May 03, 2021 | 5 MIN READ

Phishing attacks play a major and painful role in today’s cybersecurity landscape. Despite growing investment in email security technologies, no solution is capable of blocking 100% of phishing emails, and enterprises need to accept the fact that many of them reach employees’ email. To better understand this cyber monster, we should look at some history and statistics of phishing emails:

When did Phishing begin?

Phishing started in 1999 when cyber criminals tried to steal AOL accounts, passwords and financial account details. Phishing was so common in AOL during the 1990s that they included a warning on all instant messages saying “no one working at AOL will ask for your password or billing information.” 

Phishing grew and became more sophisticated, and by 2007, according to Microsoft, phishing losses in the US were an estimated $60 million. Over the years, phishing attacks have generated hundreds of notable phishing stories. Whether it’s the Austrian CEO who lost $47 million in 2016 or the ordinary Facebook users who wired more than $100 million overseas to a hacker in 2017, cyberattacks have been growing not just in frequency but in the amount of financial damage.

Phishing email statistics show that attacks are on the rise in 2020, with businesses facing phishing now more than ever. A variety of sources, including government agencies, security firms, and private companies, collect and monitor phishing statistics, and it’s important to understand them and their potential impact on your organization.

In this blog, we review a lot of interesting phishing statistics, but there are two key takeaways. First, phishing is a serious threat to enterprises and employees are on the frontline of the battle. Second, phishing is a seasonal, emotional, destructive cybercrime, with highly deceptive, ever-changing, and adapting tactics. Staying up to date and keeping employees up to date is key to identifying and thwarting phishing threats. Phishing statistics for 2020 show that cyber criminals are dynamic, sophisticated, and are not going away anytime soon.

Here are some phishing statistics for 2020-2021:

  1. Fake CDC emails are on the rise, according to the FBI.
  2. Phishing emails with updated content are now going around, with some asking for private information in order for you to receive your stimulus check.
  3. As with any crisis there are fake charities scamming consumers. The FBI warns that COVID-19 related phishing scams can range from charities to airline refunds or vaccines and are on the rise in 2020.
  4. The Department of Homeland Security names the top scams for 2020 as phishing attacks, imposter scams, “you won” scams, healthcare scams, tech support scams, and identity theft.
  5. The main conclusion of Microsoft’s September 2020 Digital Defense Report is that the sophistication of cyber attackers has increased dramatically, with opportunistic scams and news-oriented themes.
  6. Microsoft blocked 13 billion malicious and suspicious emails in 2019.
  7. According to Microsoft, the top spoofed brands are Microsoft, UPS, Amazon, Apple, and Zoom.
  8. There is a notable shift from malware to phishing according to Microsoft.
  9. The APWG (Anti-Phishing Working Group) Trends Report shows that the average wire transfer amount for the second quarter of 2020 was $80,183, a significant increase from $54,000 in the first quarter.
  10. The number of individual phishing sites has decreased from 165k to 147k, according to APWG.
  11. 78% of phishing sites use SSL, according to APWG.
  12. SAAS and webmail sites are the biggest risk, according to APWG’s 2nd Quarter 2020 report.
  13. BEC (Business Email Compromise) is a scary phishing attack where scammers target businesses. In 2020, 66% of these scams requested gift cards, 16% requested payroll diversions (down from 25%), and 18% requested bank transfers, according to APWG.
  14. In BEC scams, gift cards for eBay, Google Play, Apple iTunes, and Steam Wallet made up 70% of gift card requests, says APWG.
  15. APWG notes that 72% of BEC attacks in 2020 were from free webmail accounts, up from 61% at the beginning of the year.

Here are some questions that can help you understand phishing statistics.

According to phishing email statistics, what is the percentage of organizations targeted by phishing attacks?

According to a 2019 study, 88% of organizations have had a phishing attack.

What do phishing statistics say? How common is phishing?

In 2019, 88% of organizations had a phishing attack. It’s hard to say exactly how common because of the nature of the crime.

What are examples of phishing attacks?

  1. The most popular kind of phishing email is one that looks like it’s from a large, popular company. The bulk of these emails seem urgent and request sensitive information.
  2. Spear phishing is where an email looks like it’s from someone you know or work with.
  3. Whale phishing is like spear phishing but targets senior executives or high profile individuals.
  4. Spoofed website scams are where you click a link to a website, but it goes to a fake version of that website and steals your information.
  5. Malware is when you install a program without knowing it by clicking a link or downloading a file.
  6. Spoofed WiFi scams are when a cyber criminal sets up a WiFi network with a name so similar to yours that you can’t see the difference and connect to the “fake” network.
  7. Amazing deal phishing attacks entice consumers with deals, but give them malicious links that can lead to security breaches.
  8. Always be on the lookout for new scams. Healthcare phishing statistics show COVID-19 related attacks on the rise.

Are phishing emails illegal?

Yes, phishing emails are illegal. Law officials classify phishing as a crime of fraud or identity theft because phishing crimes impersonate people or businesses in order to run phishing scams.

What are some phishing statistics for 2020 in the UK?

The UK government released a report on cybersecurity breaches. Here are some phishing statistics taken from the report.

Are phishing emails easy to spot?

Phishing emails aren’t easy to spot, which is why they are so dangerous. With cybercriminals updating their scams on a daily basis, it’s understandable that a regular person can’t keep up with all the latest.

Are phishing emails dangerous?

Phishing emails are one of the most dangerous cyber attacks out there because they compromise your credentials and steal your identity fast. Businesses around the world have lost millions of dollars due to phishing emails. Many famous data breaches started with phishing emails.

How can phishing be prevented?

If you’ve been following the phishing statistics, it’s clear that cyber criminals are very intelligent and always finding new and tricky ways to scam even the most sophisticated CEOs. Phishing cannot be prevented, but it can be managed.

Learning about phishing isn’t a one-time thing; it’s an ongoing effort to stay up to date on the latest scams, risks, and dangers. Talk to us to find out how to best deliver continuous security awareness training for your employees.