Security Audit

Phishing Attack Statistics 2023: The Ultimate Insight

Updated on: January 10, 2023

Phishing Attack Statistics 2023: The Ultimate Insight

The advent of the cyber world came with its own risks in the form of cyber-attacks carried out by hackers with malicious intent. According to IBM, phishing was one of the top attack vectors in cybercrime at 16%. 

Phishing attacks are a form of social engineering designed to retrieve data from unsuspecting users through the impersonation of reputable websites and authorities to whom victims might reveal information. This article will give a detailed insight into the phishing attack statistics 2023 for you to gain a better understanding. Let’s dive in! 

cyber security statistics
cybercrime statistics
data breach statistics
healthcare data breaches statistics
phishing statistics
ransomware attack statistics
Small business cyber security statistics
3rd party data breaches
cyber insurance claims statistics

Top 10 Phishing Attacks Statistics 2023

Here are the top most intriguing phishing statistics you should be aware of in 2023. 

  1. 55% of phishing websites use targeted brand names to capture sensitive information with ease according to the F5 Labs Phishing and Fraud Report of 2020.   
  2. In 2022, June the hotel chain Marriot was hacked by a hacker stealing 20 GB worth of guest information. 
  3. 84% of US-based organizations have stated that conducting regular security awareness training has helped reduce the rate at which employees fall prey to phishing attacks.
  4. 92% of Australian organizations suffered a successful phishing attack, showing a 53% increase from the year 2021. 
  5. One of the most expensive phishing attacks was through compromised emails with around 19,369 complaints having a loss of $ 1.8 billion. 
  6. 36% of all data breaches involved phishing according to Verizon’s 2022 report.
  7. Highly impersonated brands for phishing are Amazon and Google at 13%, Facebook and Whatsapp at 9%, and Netflix and Apple at 2%. 
  8. It is suggested that nearly 1.2% of all emails sent are malicious in nature, which in numbers translated to 3.4 billion phishing emails a day. 
  9. At 16% phishing was the second most common reason for data breaches and the costliest averaging $ 4.91 million in breach costs. 
  10. Breaches caused by phishing took the third longest mean time to identify and contain at 295 days according to IBM’s 2022 Data Breach Report. 

    Phishing Attack Statistics 2023

    In 2018 it was estimated that by 2022 a ransomware or phishing attack will occur every 11 seconds. This section will feature the latest phishing attack statistics 2023 based on the frequency of occurrence, the cost of such breaches, and pandemic-related increases. 

    Percentage of Phishing Scams

    Phishing scams account for nearly 22 percent of all data breaches that occur thus securing it a position as one of the most prevalent cybercrimes in the FBI’s 2021 IC3 Report. It was also reported that in 2021 nearly 83% of companies experienced phishing attacks. 

    • An extortion of over 33 million records is expected to occur by 2023. 
    • Compare to malware sites, phishing sites are 75% higher in presence. 
    • 50% of phishing websites made use of SSL certificates. 
    • Out of nearly 100 million phishing emails blocked by Gmail filters, 68% belonged to a previously unknown scam. 
    • It was identified that 61% of subjects in a study conducted could not differentiate between a real and a fake Amazon login page.
    • Nearly thirty percent of phishing emails are opened increasing the chances of opening or downloading from malicious links that contain ransomware or malware. 
    • The most commonly used words for phishing e-mails are important (5.4%), attention (2.3%), urgent (8%), and important updates (8%). 
    • The most common reasons mentioned as motivations for phishing are 10% for disruption of site services and 6% for financial gains. 
    • 62% of attacks that did not stem from a cybersecurity error or misuse usually were carried out through the usage of stolen personal information obtained through phishing and or brute-force attacks. 
    • Intelligence is gathered using spear-phishing by 96% of threat actors.
    • Half the phishing e-mail attachments that are received are in the form of Microsoft documents like Word (39.3%), Executable (19.5%), Rich Text (14%), and Excel (8.7%).
    • Phishing websites were generally hosted on .com domains (40%), but threat actors also used other reputable domains like .org (1.8%) and .net (3%). 
    • Nearly 32 percent of phishing websites made use of HTTPS in 2020 to portray an image of assured security.
    • According to AICPA (2018), out of the 60% of Americans that have been exposed to fraud schemes,  26% were through phishing emails.
    • Cofense’s Q3 2021 phishing review shows that nearly 93% of modern breaches involve phishing attacks. 
    • Symantec’s 2019 Threat Report shows that 65% of cyber-attacks are perpetrated through spear phishing. 
    • 67% of all phishing emails have the subject line left blank. However, when used, the most common ones are, ‘Fax delivery report’ (9%), and ‘business proposal request’ (6%). 
    • The hotel chain Marriot was hacked in 2020 resulting in the leak of over 5.2 million guests’ personal information. 
    • For every 4,200 emails sent, 1 would most definitely be a phishing scam email. 

    Cost of Phishing Attacks 

    The cost of phishing attacks on companies has significantly risen through the years, with the $100 million loss faced by Facebook and Google in 2017 perhaps being one of the most infamous examples. Other such instances include: 

    • Statistics showed that in 2018 showed the average cost per data breach was around $150 for each compromised record. 
    • In 2020, IC3 received about 7,91,790 compliant with a recorded loss that exceeded 4.1 billion dollars. 
    • 2021 was one of the costliest years in terms of data breaches through phishing attacks in the last 17 years. 
    • The average BEC attacks requesting wire transfers increased from $71,000 to $106,000 from 2020 to 2021. 
    • It was also seen that nearly 24% of all BEC phishing scams in 2021 aimed to try and divert employee payroll deposits.
    • IBM’s Cost of Data Breach Report for 2021 found that phishing attacks were the second most expensive type of attack costing around $4.6 million.  
    • The difference in cost between companies that are largely compliant and those that are non-compliant was around $2.3 million. 
    • USA had the highest rate of costly data breaches in 2021 at $9.05 million according to IBM. 

    COVID-19 Phishing 

    The rampage of COVID-19 saw a shift of many offline communities to online platforms. This in turn gave a larger diaspora for phishing attacks to take place which can be pinpointed through specific episodes: 

    • The average data breach cost during remote working was $1 million higher than the pre-pandemic scenario. 
    • More than 450 COVID-19-related financial support scams took place. 
    • Individuals looking for COVID-19-related facts and other details like testing and treatment were targeted. 
    • Globally known medical bodies like the CDC (US’s Centre For Disease Control) and the UN’s WHO (World Health Organization) were impersonated to carry out a variety of scams during the pandemic. 
    • Organizations that did not evolve their IT to cope with the pandemic faced a breach that cost an average of $5.01 million. 
    • Nearly 43% of all breaches since 2019 have been web application related. 
    • Scams increased by 400% since March 2020 thus making COVID-19 one of the largest causes of security risks ever. 

    Industries Commonly Targeted and Their Impact

    1. Technology

    phishing attack statistics 2023

    It is always assumed that technology-related businesses will always have an impeccable security system in place that helps prevent phishing and other scams. However, resource allocation for tech companies can vary severely depending on their goals thus at times affecting the effectiveness of the security solutions implemented by them. Hence it is always important for tech companies to ensure that their staff and company data are protected with the highest priority. 

    Phishing statistics for Technology: 

    • Nearly 82% of CIOs believe that their software supply chain securities are weak. 
    • Cyber attacks were 50% more per week in 2021 on corporate networks globally.
    • 65% increase in global losses between July 2019 to December 2021. 
    • Nearly 1.7 billion were lost businesses per minute in 2021. 
    • 80% of reported cyber crimes are generally attributed to phishing attacks in the technology sector. 

    2. Healthcare

    One of the prime targets of phishing scams, the threats faced by healthcare have significantly increased during the pandemic. Private patient information is some of the most valuable information stored that can be used to commit identity theft, insurance fraud, and more. Since healthcare is one of the oldest fields that has been collecting patient health information even before the advent of digitalization, the transition from paper storage to digital can pave the way for its own security risks. 

    Healthcare phishing statistics: 

    • 90% of healthcare institutions have experienced at least one security breach in the previous few years. 
    • Phishing and other forms of cyber attacks have seen a 75% increase in 2021. 
    • 30% of most data breaches occur in large hospitals with a record of exposing patients’ private health information. 

    3. SMEs

    Rather than targeting big well-established and known companies prone to have high-end security facilities, scammers nowadays find small and medium-sized enterprises to be much easier targets. This is mainly because such companies will have comparatively lesser security measures in place to thwart such attacks effectively thereby making themselves appetizing targets. Such upcoming companies may not have their cybersecurity roles filled or might not have the resources to fully place effective security measures.  

    Phishing statistics for SMEs: 

    • Only 14% of SMEs have a cyber security plan in place. 
    • The next five years are due to see a 15% increase in cybercrime costs reaching 10.5 trillion by 2025. 
    • Small businesses account for 43% of cyber attacks annually. 
    • An average of $25,000 is lost by SMEs.
    • Besides phishing, other common cyber attacks on SMEs include credential theft and making use of stolen devices. 

    4. Educational Sector

    Yet another hub of personal data storage, the educational sector is a prime target for phishing and scams. From addresses to passwords and identification documents, they are all stored by nearly every educational institution. However, it is important to understand that sensitive information isn’t restricted to student and faculty information alone, rather can also include sensitive information from research institutes as well. Thus making phishing scams more highly prevalent in this sector.  

    • Educational institutions saw a 75% increase in cyber-attacks. 
    • Currently, most malware scams affect the educational sector largely making them an at-risk sector. 
    • In terms of security against such phishing scams, educational institutions rank very last. 

    Trends In Phishing Scams

    1. COVID-19 

    The onset of the pandemic saw a slew of phishing attacks aimed at innocents through fake claims of donations and or payments as well as financial support pages all places for accessing sensitive information from users and stealing money. 

    COVID-19-specific statistics: 

    • The online working scenario had nearly 20% of organizations facing a security breach due to a remote worker. 
    • 28% of remotely working employees admit they make use of personal devices for work rather than office-issued devices thus creating a huge area for potential cyberattacks. 
    • Some of the top COVID-19-related phishing keywords in 2020 were: virus, corona, quarantine, and COVID. 
    • Data stealing malware like Corona anti-locker ultimate and other wide range of threats were observed during the pandemic. 
    • Nearly 2% of all malware spam was related to the pandemic. 

    2. War In Ukraine

    The war in Ukraine has been a major scope for scammers and other malicious attackers to take advantage of through donation and fundraising scams. Using subject lines such as “ Help save children from Ukraine” are used to target victims via emails. Not only money but cryptocurrency, as well as information, is also stolen as part of this trend. 

    Ukraine war-related phishing statistics:

    • Phishing emails in the Slavic language saw a 7-fold increase since the onset of the war.   
    • Most of the phishing attempts were made through the impersonation of legitimate domains but by changing some unnoticeable components. 
    • Malware was placed on Ukrainian systems under the offer of free data decryption but was to wipe out the systems. 
    • Hacking groups attempted to hack military personnel’s email accounts in a mass phishing attack which if turned successful was used to collect confidential information to send further fake emails.

    3. Spear Phishing

    A general phishing campaign involves a website you’ve never visited or used before. This makes it much easier to recognize. However, with a spear-phishing campaign, the emails received aren’t generalized like these, rather they are targeted to your needs or look like they are from websites you’ve visited before thus making it much more difficult to identify them as phishing scams until it’s too late. 

    • 65% of attackers have opted for spear phishing as their prime choice method of attack. 
    • Nearly 71% of all targeted attacks are done through spear phishing.
    • In 2012 nearly 90% of cyber attacks were through spear phishing. 

    4. Extension and Credential Phishing

    Popular file extensions like .pdf, .html, and .htm along with Google, and Adobe were made for phishing schemes. The latter is known as credential phishing, where sign-in data is stolen from users. 

    • The number of malicious PDF files sent saw a dramatic increase in 2020 with it being sent to over 5 million users. 
    • Phishing using PDF files with fake CAPTCHAs was also used to lure users.
    • 52% of companies had their credentials compromised to access confidential and private information in 2021.
    • PDF files count for 14% of total malicious file extensions while others like, .zip and . jar account for nearly 37%.  

    5. Online Communication Platforms

    Recent trends have also seen an increase in phishing attacks aimed at online communication platforms like Zoom, Slack, Microsoft Teams, and more. Another trend is attacking through social media platforms such as  Instagram and more through strangers’ messages leading to account takeover by malicious attackers. 

    Communication platform cyber attack statistics: 

    • 50,000 and more Zoom account details were sold on the dark web for as little as $0.0020 per account. 
    • A large percentage of online fraud (70%) is now accomplished through mobile applications.
    • In 2019, Facebook breaches were a major cause of data leakages.
    • Nearly 8% of social media cyberattacks are through phishing. 
    • LinkedIn phishing messages account for 47% of all social media phishing attempts.

    How To Prevent Phishing Attacks? 

    • Enable Multifactor Authentication

    Enabling two or multi-Factor Authentication can drastically help reduce and avoid falling prey to phishing attacks. This is because the data obtained through phishing if successful becomes redundant due to the further authentication steps in place. 

    • Cybersecurity Software

    Opting for a well-established and experienced cyber security software can help in the detection and blocking of such phishing attempts thereby keeping the company and its data secure. 

    • Employee Training

    Giving company employees regular training on secure data handling practices, tips to look out for in recognizing phishing emails, having a top-notch security system in place for their devices, and other similar measures can drastically reduce the chances of being a victim of a phishing scheme. 

    • Be Cautious About E-mails

    Always be cautious about e-mails received. Check for spelling mistakes, immediate requirement subject lines, company details, whether an email has previously been received from the same address, is it trustworthy, these are some of the questions and points that one should take note of when checking emails that look suspicious. 


    With the cybersecurity landscape changing ever so constantly, knowing the figures and facts related to it, and its risks like phishing and other scams can give a deep insight. This article has focused mainly on the phishing attack statistics of 2023, the major sectors that fall victim to it, and the latest trends in phishing.

    Was this post helpful?

    Nivedita James

    Nivedita is a technical writer with Astra who has a deep love for knowledge and all things curious in nature. An avid reader at heart she found her calling writing about SEO, robotics, and currently cybersecurity.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Inline Feedbacks
    View all comments

    Psst! Hi there. We’re Astra.

    We make security simple and hassle-free for thousands
    of websites and businesses worldwide.

    Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

    earth spiders cards bugs spiders

    Made with ❤️ in USA France India Germany