Introduction
Phishing emails are responsible for the majority of data breaches and financial losses faced by individuals and businesses every year. The stakes of phishing attacks are high. In 2017, Google and Facebook had to bear a massive loss of $100 million because of phishing. Understandably, victims of phishing attacks often report feelings of emotional distress and distrust in online platforms.
Being aware of the negative impact of phishing emails is crucial for protecting ourselves online. This article presents statistics related to phishing emails, giving you an idea of their prevalence and associated risks.
Phishing Statistics Highlights
- By Brand: Microsoft is found to be imitated the most in phishing email attacks. In Q3 2023, Microsoft was impersonated in 61% of all phishing attacks.
- Click Rate: The average click rate for phishing emails was 17.8% in 2021, which indicates that 1 in 5 users interact with phishing emails.
- Volume: An estimated 3.4 billion phishing emails are sent daily.
- Spear Phishing: Less than 0.2% of all phishing attempts are spear phishing, which accounts for 66% of all data breaches.
- By Country: The USA was targeted with 10.43 billion phishing emails in 2023, making it the country most affected by phishing emails.
- By Industry: Approximately 30.5% of phishing emails target social media, 21.2% target SaaS/Webmail, 13% target the financial sector, 8% target e-commerce/retail, 5.8% target payment industries, and the remaining 21.2% target other industries.
- AI Effectiveness: AI-generated phishing emails deceive 60% of their recipients.
What is Phishing?
Phishing is one of the most common types of cyberattacks. In it, cybercriminals, commonly known as phishers, manipulate people into giving away their personal information while pretending to be from a legitimate entity.
An example of a phishing email is a fake email impersonating PayPal and asking you to reset your password urgently by clicking a link. The malicious link redirects to a spoofed website and steals any information entered on the webpage.
Top Impersonated Brands
Phishers will most likely imitate popular and trusted platforms with a large user base, as seen in the research conducted by CheckPoint in the third quarter of 2024. Microsoft was impersonated in 61% of all phishing attacks, followed by Apple and Google at 12% and 7%, respectively.
Microsoft is specifically targeted because of its extensive use in business settings. These attacks primarily aim at Microsoft employees to compromise their accounts and gain illegal access to their systems.
Phishing Emails Click Rate
Phishing emails tend to have a high click rate because they are designed to trick users into believing that the email is legitimate. According to research from 2021, the average click rate for phishing emails was an alarming 17.8%. This indicates that around 1 in 5 users interact with phishing emails.
Volume of Phishing Emails
Due to its high success rate, phishing is one of the most common cyberattacks. The scale of phishing emails continues to rise. A whopping 3.4 billion phishing emails are sent each day worldwide. One reason behind this high volume is mass phishing, in which emails are sent out in bulk to random users.
Many scams are initiated by phishing attempts. According to research by Deloitte, 91% of all cyberattacks begin with phishing emails.
Spear Phishing
Spear phishing is a type of phishing email in which users are specifically targeted. Unlike mass phishing emails, spear phishing emails are not sent randomly in bulk. Instead, information about recipients is researched beforehand, which makes these attacks so successful.
Spear phishing is not very common, as gaining access to users' information is challenging and time-consuming. It accounts for less than 0.2% of all phishing attacks. Despite the low volume, 66% of all data breaches are because of spear phishing emails. (Barracuda)
Countries Targeted by Phishing
According to research conducted in 2023, the United States was targeted with the most phishing attacks, with around 10.43 billion phishing emails in a single year alone. Countries like China and the Netherlands followed the United States, with 2.08 and 1.22 billion phishing emails, respectively.
Despite global efforts to raise cybersecurity awareness, some countries and regions continue to be extensively targeted by phishing attacks, mainly due to a lack of digital literacy.
Phishing Attack Distribution Across Industries
Phishers usually target industries with large user bases to increase their chances of success. Here's a breakdown of the percentage of phishing attacks aimed at the top industries in the third quarter of 2024.
- Social Media: 30.5%
- SaaS/Webmail: 21.2%
- Financial Sector: 13%
- E-commerce/Retail: 8%
- Payment: 5.8%
Social Media (30.5%)
Social media platforms are primarily targeted by phishers for multiple reasons, including their large user base and extensive use by people of all age groups.
By hacking social media accounts, phishers can access personal information about users, such as email addresses, birthdates, phone numbers, and, in some scenarios, financial details. The hacked personal information can be misused for identity theft.
Most users use the same credentials for multiple online accounts, causing them to be compromised, too.
SaaS/Webmail (21.2%)
SaaS (Software as a Service) and webmail are second on the list of industries targeted by phishing attacks. These applications hold a lot of information that can be valuable to cybercriminals, such as personal information, financial details, and sensitive documents.
SaaS and webmail platforms such as Gmail and Yahoo are trusted, so attacks targeting them are likely to succeed.
Financial Sector (13%)
Cybercriminals make a lot of money from successful phishing attacks on financial institutions. Phishers send emails pretending to be from legitimate organizations and harvest users' financial details, such as credit card information. They use this compromised information to make online purchases or transfer money to other accounts.
E-commerce/Retail (8%)
E-commerce and retail industries are lucrative targets for phishers. Due to their large user base, they are a giant source of personal and financial information. Phishers try to obtain this information to conduct fraudulent transactions. These phishing attacks are usually at their peak during the sales seasons.
Role of AI
With the boom of AI, it is becoming increasingly challenging to identify phishing emails. Phishers are turning to AI tools as they save costs and help craft emails that look deceptively legitimate. 60% of recipients get deceived by AI-generated phishing emails, a shocking number.
The situation may look bleak, but email service providers are also utilizing AI to refine their filtering systems to catch such emails. Gmail claims that its filtering system is capable of blocking 99.9% of spam, phishing, and malware-infected emails. It blocks around 15 billion unwanted emails each day.
Read our detailed article on phishing emails to learn more about these email attacks and how to identify and protect yourself from this menace.
Conclusion
In this article, we highlighted some surprising statistics related to phishing emails. This is done to raise awareness about this growing problem. Phishing emails continue to gain popularity among cybercriminals due to their effectiveness.
With the rise of generative AI, phishing emails are getting harder to detect. Despite this, major email providers such as Gmail are taking action to strengthen their systems over time against such attacks. It is crucial to stay informed and learn how to identify phishing emails and not solely depend on your email provider, as some phishing emails can manage to evade detection.
