Phishing Attack Statistics and Trends You Should Know

Written By Mohit Jha
Approved By Anuraag Singh
Published On November 25th, 2022

Phishing attack statistics show that attacks through email have become a universal concern. This kind of cyberattack uses social engineering to trick people into handing over their sensitive information via email.

Most IT security experts around the world believe that 80% of online fraud happens through email (phishing attacks). Weaknesses in security policies, processes, and infrastructure, along with a lack of awareness, are to blame for this kind of security breach.

That said, phishing is one of the most dangerous types of cyber threat the world now faces. But how bad is the situation? To help you get a grip on the latest trends, we’ve brought together statistics that shed light on the seriousness of the threat, along with remediation steps to keep you safe from security threats.

Note: The statistics and reports on phishing attacks provided here are from third-party sources and may change from time to time. We’ll be updating you with the latest figures as new research unfolds.


How Often Are Phishing Attacks Happening?

Every year, phishing attacks increase rapidly, posing a great threat to individuals as well as businesses around the world. According to a research report published in 2021 by Tessian, employees received an average of 14 malicious emails per year.

ESET’s 2021 research and phishing attack statistics show a 7.3% increase in email-based attacks, especially phishing campaigns, between May and August 2021.

In addition, IBM’s 2021 report on phishing attacks cited a 2% rise in phishing attacks between 2019 and 2020, said to have partly occurred during COVID-19 and supply chain uncertainty. Plus, Cisco’s cybersecurity threat report shows that around 86% of organizations fall victim to phishing attacks just through clicks on malicious links. And, as per the company’s data, phishing is responsible for 90% of data breaches.

It’s hard to predict the frequency of phishing attacks because they are unevenly distributed throughout the year. However, Cisco discovered that phishing-related attacks are likely to rise during the holiday season. Reports suggest that phishing attacks surged by nearly 52% in December alone.

Phishing Attack Statistics Reveal The Attacks Spiked During Global Pandemic

Many cybercriminals took advantage of the COVID-19 pandemic and the remote working situation. According to Zscaler, between January and March 2020, the number of suspicious messages targeting remote workers increased drastically, while the number of COVID-19-related spear phishing attacks soared by around 600%.

In addition, the outbreak saw approximately 130,000-plus suspicious newly registered domains. The sole motive behind registering these new domains is to take advantage of words and themes associated with current events and to slip past reputation blocklists.

What Are The Most Common Subject Lines Picked For Phishing Attacks?

Since email is the major channel for carrying out phishing attacks, threat actors come up with clever subject lines to hook users easily.

According to Symantec’s 2019 Internet Security Threat Report (ISTR), the top five subject lines for business email compromise (BEC) attacks started with: ‘Urgent’, ‘Request’, ‘Important’, ‘Payment’, and ‘Attention’.

Here are the most popular subject lines used by hackers in Q4 of 2020:

  • IT: Annual Asset Record
  • Changes to your health benefits
  • Twitter: Security alert: Urgent action needed
  • Amazon: Your Amazon Prime Membership has been declined
  • Zoom: Scheduled Meeting Error
  • Google Pay: Payment Successful
  • Stimulus Cancellation Request Approved
  • Microsoft 365: Action required:
  • Workday: Reminder: Important Security Upgrade Required
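
One way to turn the subject-line patterns above into a mail triage check, as an added example that is not from the original article: it flags subjects that start with one of the Symantec lead words, and "Brand:" subjects whose sender domain does not belong to that brand. The `triage` function, the reason labels, the brand-to-domain table, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Lead words from the Symantec ISTR list quoted in the article.
BEC_LEAD_WORDS = {"urgent", "request", "important", "payment", "attention"}

# Assumption: brand prefix -> domains that brand really sends from.
BRAND_DOMAINS = {
    "amazon": {"amazon.com"},
    "zoom": {"zoom.us"},
    "twitter": {"twitter.com"},
    "workday": {"workday.com"},
}

REPLY_PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def triage(raw_message):
    """Return the list of reasons a message's subject looks like a lure."""
    msg = message_from_string(raw_message)
    # Decode RFC 2047 encoded-words so an encoded subject cannot hide the keyword.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    subject = REPLY_PREFIX.sub("", subject).strip()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

    reasons = []
    lead = re.match(r"[A-Za-z]+", subject)
    if lead and lead.group().lower() in BEC_LEAD_WORDS:
        reasons.append("bec-lead-word")
    # "Brand: ..." subject whose sender is outside that brand's domains.
    allowed = BRAND_DOMAINS.get(subject.partition(":")[0].strip().lower())
    if allowed and not any(sender == d or sender.endswith("." + d) for d in allowed):
        reasons.append("brand-sender-mismatch")
    return reasons

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Amazon <billing@amaz0n-support.example>\n"
    "Subject: Amazon: Your Amazon Prime Membership has been declined\n\nbody",
    "From: ceo@corp.example\nSubject: =?utf-8?B?VXJnZW50OiBpbnZvaWNl?=\n\nbody",
    "From: no-reply@zoom.us\nSubject: Zoom: Scheduled Meeting Error\n\nbody",
    "From: ap@vendor.example\nSubject: Re: Fwd: Payment overdue\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

A keyword hit on its own is a weak signal, since legitimate mail also uses these words; treat the reasons as inputs to a broader score rather than as a block rule.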

The Data That’s Compromised and The Overall Cost Associated

According to phishing attack statistics, cybercriminals aim to compromise these types of data:

  1. Credentials (user names, passwords, ATM PINs, etc.)
  2. Personal information (name, address, email address, etc.)
  3. Medical data (information related to medical history, health insurance, etc.)

As for the impact of successful phishing attacks, cyber experts cite the following consequences:

  • 61% of organizations lost their sensitive data.
  • 53% of industries compromised their credentials.
  • 20% of enterprises experienced financial losses. 

According to a report by IBM, data breach costs increased to 4.24 million dollars, the highest average total cost in history.

Phishing Attack Statistics Highlighting Real-World Examples 

Over time, phishing attacks evolved, and corporate employees became their target. Attackers fulfill their malicious intentions through Business Email Compromise (BEC) attacks.

One of the biggest BEC scams of all time occurred when tech giants Facebook and Google fell victim to a phishing attack that led to a loss of $121 million. Similarly, many reputed organizations, Toyota, Snapchat, and Ubiquiti to name a few, also lost millions of dollars due to security breaches in their IT infrastructure.

Reports suggest that BEC attackers managed to make $1.8 billion in 2020, which is far more than the amount made via any other form of cybercrime.

How Can You Control The Phishing Attack Spikes?

Reports on phishing attacks suggest that you can’t stop hackers from sending phishing emails. But you can certainly adopt proactive security measures to prevent them. One such step is training. You should enlist experienced professionals to educate your staff about phishing attacks and their impact.

Whether it’s providing education around social media phishing, applying stronger endpoint solutions that can identify malicious behavior across device types, reducing smishing, or testing out a new zero-trust strategy, SysTools’ Cyber Experts are always on the frontline to assist. Hence, your organization should have the support of experienced hands to make the workplace more secure and phishing free.



By Mohit Jha

Mohit is a Microsoft-certified expert who has assisted thousands of clients with Outlook & Microsoft Office 365 issues. He enjoys writing on email clients as well as data migration. He is always excited about giving troubled readers the most up-to-date knowledge, explanation, and refinements.