Site icon Astra Security Blog

81 Phishing Attack Statistics 2024: The Ultimate Insight

Phishing Statistics 2022

Phishing email statistics suggest that nearly 1.2% of all emails sent are malicious, which in numbers translated to 3.4 billion phishing emails daily. Extortion of over 33 million records is expected to occur by 2023 with a ransomware or phishing attack occurring every 11 seconds.

The advent of the cyber world came with its risks in the form of cyber-attacks carried out by hackers with malicious intent. This article will give a detailed insight into the phishing attack statistics 2024 for you to gain a better understanding. Let’s dive in!

Top Phishing Attacks Statistics 2024

Here are the top most intriguing recent phishing attacks statistics you should be aware of in 2024. 

  1. 55% of phishing websites use targeted brand names to capture sensitive information with ease according to the F5 Labs Phishing and Fraud Report of 2020.   
  2. 84% of US-based organizations have stated that conducting regular security awareness training has helped reduce the rate at which employees fall prey to phishing attacks.
  3. 92% of Australian organizations suffered a successful phishing attack, showing a 53% increase from the year 2021. 
  4. Highly impersonated brands for phishing are Amazon and Google at 13%, Facebook and Whatsapp at 9%, and Netflix and Apple at 2%. 
  5. Breaches caused by phishing took the third longest mean time to identify and contain at 295 days according to IBM’s 2022 Data Breach Report. 

Phishing Attack Statistics 2024

In 2018 it was estimated that by 2022 a ransomware or phishing attack will occur every 11 seconds. This section will feature the latest online phishing attack statistics 2024 based on the frequency of occurrence, the cost of such breaches, and pandemic-related increases. 

What percentage of cyber attacks are phishing?

Phishing scams account for nearly 22 percent of all data breaches that occur thus securing it a position as one of the most prevalent cybercrimes in the FBI’s 2021 IC3 Report. It was also reported that in 2021 nearly 83% of companies experienced phishing attacks. 

How common are phishing attacks? 

36% of all data breaches involved phishing according to Verizon’s 2022 report. It was estimated that by 2022 a ransomware or phishing attack will occur every 11 seconds.

How many phishing emails are sent daily? 

Phishing email statistics suggest that nearly 1.2% of all emails sent are malicious, which in numbers translated to 3.4 billion phishing emails daily. For every 4,200 emails sent, 1 would most definitely be a phishing scam email.

How many businesses are targeted by spear-phishing attacks each day?

Statistics by Norton reveal that around 88% of organizations face spear phishing attacks in a year meaning businesses are targeted almost every day. A 2019 Threat Report by Symantec showed that 65% of cyber-attacks are perpetrated through spear phishing. 

How much money is lost to email scams every year? 

At 16% phishing was the second most common reason for data breaches and the costliest averaging $ 4.91 million in breach costs. One of the most expensive phishing attacks was through compromised emails with around 19,369 complaints having a loss of $ 1.8 billion. 

68% of latest phishing emails are new scams, most have the subject lines left blank

Out of nearly 100 million phishing emails blocked by Gmail filters, 68% belonged to a previously unknown scam. 67% of all phishing emails have the subject line left blank. However, when used, the most common ones are, ‘Fax delivery report’ (9%), and ‘business proposal request’ (6%). 

Phishing one of the top attack vectors for cybercrime at 16%

According to IBM, phishing was one of the top attack vectors in cybercrime at 16%. Phishing resulted in an average of $ 4.91 million in breach costs. Cofense’s Q3 2021 phishing review shows that nearly 93% of modern breaches involve phishing attacks.

30% of opened phishing emails increase the chances of malware 

Nearly thirty percent of phishing emails are opened increasing the chances of opening or downloading from malicious links that contain ransomware or malware. The most commonly used words for phishing e-mails are important (5.4%), attention (2.3%), urgent (8%), and important updates (8%). 

BEC phishing scams from 2020 to 2021

The average BEC attacks requesting wire transfers increased from $71,000 to $106,000 from 2020 to 2021. It was also seen that nearly 24% of all BEC phishing scams in 2021 aimed to try and divert employee payroll deposits.

2021 costly in term phishing attacks at around $4.6 million

2021 was one of the costliest years in data breaches through phishing attacks in the last 17 years. IBM’s Cost of Data Breach Report for 2021 found that phishing attacks were the second most expensive type of attack costing around $4.6 million.  

The average cost of a data breach during remote work is higher by $1 million

Organizations that did not evolve their IT to cope with the pandemic faced a breach that cost an average of $5.01 million. The average data breach cost during remote working was $1 million higher than the pre-pandemic scenario. 

Percentage of Phishing Scams

Cost of Phishing Attacks 

The cost of phishing attacks on companies has significantly risen through the years, with the $100 million loss faced by Facebook and Google in 2017 perhaps being one of the most infamous examples. Other such instances include: 

COVID-19 Phishing 

The rampage of COVID-19 saw a shift of many offline communities to online platforms. This in turn gave a larger diaspora for phishing attacks to take place which can be pinpointed through specific episodes: 

Industries Commonly Targeted and Their Impact

1. Technology

It is always assumed that technology-related businesses will always have an impeccable security system in place that helps prevent phishing and other scams. 

However, resource allocation for tech companies can vary severely depending on their goals. Hence it is always important for tech companies to ensure that their staff and company data are protected with the highest priority. 

Phishing statistics for Technology: 

2. Healthcare

One of the prime targets of phishing scams, the threats faced by healthcare have significantly increased during the pandemic. Private patient information is some of the most valuable information stored that can be used to commit identity theft, insurance fraud, and more. Since healthcare is one of the oldest fields that has been collecting patient health information even before the advent of digitalization, the transition from paper storage to digital can pave the way for its own security risks. 

Healthcare phishing statistics: 

3. SMEs

Rather than targeting big well-established and known companies prone to have high-end security facilities, scammers nowadays find small and medium-sized enterprises to be much easier targets. This is mainly because such companies will have comparatively lesser security measures in place to thwart such attacks effectively thereby making themselves appetizing targets. Such upcoming companies may not have their cybersecurity roles filled or might not have the resources to fully place effective security measures.  

Phishing statistics for SMEs: 

4. Educational Sector

Yet another hub of personal data storage, the educational sector is a prime target for phishing and scams. From addresses to passwords and identification documents, they are all stored by nearly every educational institution. However, it is important to understand that sensitive information isn’t restricted to student and faculty information alone, rather can also include sensitive information from research institutes as well. Thus making phishing scams more highly prevalent in this sector.  

Trends In Phishing Scams

1. COVID-19 

The onset of the pandemic saw a slew of phishing attacks aimed at innocents through fake claims of donations and or payments as well as financial support pages all places for accessing sensitive information from users and stealing money. 

COVID-19-specific statistics: 

2. War In Ukraine

The war in Ukraine has been a major scope for scammers and other malicious attackers to take advantage of through donation and fundraising scams. Using subject lines such as “ Help save children from Ukraine” are used to target victims via emails. Not only money but cryptocurrency, as well as information, is also stolen as part of this trend. 

Ukraine war-related phishing statistics:

3. Online Communication Platforms

Recent trends have also seen an increase in phishing attacks aimed at online communication platforms like Zoom, Slack, Microsoft Teams, and more. Another trend is attacking through social media platforms such as  Instagram and more through strangers’ messages leading to account takeover by malicious attackers. 

Communication platform cyber attack statistics: 

What are the types of phishing attacks?

1. Spear Phishing

A general phishing campaign involves a website you’ve never visited or used before. This makes it much easier to recognize. However, with a spear-phishing campaign, the emails received aren’t generalized like these, rather they are targeted to your needs or look like they are from websites you’ve visited before thus making it much more difficult to identify them as phishing scams until it’s too late. 

 2. Extension and Credential Phishing

Popular file extensions like .pdf, .html, and .htm along with Google, and Adobe were made for phishing schemes. The latter is known as credential phishing, where sign-in data is stolen from users. 

How To Prevent Phishing Attacks? 

Enabling two or multi-Factor Authentication can drastically help reduce and avoid falling prey to phishing attacks. This is because the data obtained through phishing if successful becomes redundant due to the further authentication steps in place. 

Opting for a well-established and experienced cyber security software can help in the detection and blocking of such phishing attempts thereby keeping the company and its data secure. 

Giving company employees regular training on secure data handling practices, tips to look out for in recognizing phishing emails, having a top-notch security system in place for their devices, and other similar measures can drastically reduce the chances of being a victim of a phishing scheme. 

Always be cautious about e-mails received. Check for spelling mistakes, immediate requirement subject lines, company details, whether an email has previously been received from the same address, is it trustworthy, these are some of the questions and points that one should take note of when checking emails that look suspicious. 

Adopting IPv6 email infrastructure can enhance the security of email systems. IPv6 offers better encryption and a more extensive range of IP addresses, reducing the risk of IP spoofing, a common tactic in phishing attacks. By transitioning to IPv6, organisations can leverage improved security features and more robust authentication mechanisms, making it harder for phishers to exploit vulnerabilities inherent in the older IPv4 systems.


With the cybersecurity landscape changing ever so constantly, knowing the figures and facts related to it, and its risks like phishing and other scams can give a deep insight. This article has focused mainly on the phishing attack statistics of 2024, the major sectors that fall victim to it, and the latest trends in phishing.


What type of phishing attack targets specific users or groups?

Spear-phishing targets specific groups or users with content that is designed specifically lure them in. 65% of attackers have opted for spear phishing as their prime choice method of attack. 

How many phishing attacks in 2022?

A report by VentureBeat indicates that 2022 witnessed around 255 millions phishing attacks showing a 61% increase phishing attack percentage from 2021. 

Exit mobile version