Phishing – a common term associated with e-mail fraud has emerged as one of the most prominent cyberattacks today. Victims are lured via fake correspondence, often in the form of e-mails or social media messages, leading to carefully constructed phishing sites. Such sites, often masquerading as log-in pages or online forms, then capture users’ data, which is subsequently used to commit online fraud or identity theft. It is also not uncommon for links in one of these cleverly disguised messages to create a gateway for malware to make its way into a system.
In 2022, around 30 percent of adults worldwide
encountered phishing scams. In the same year, Vietnam had the
biggest share of internet users facing phishing attacks. Furthermore, in the fourth quarter of 2022, there were
over 1.35 million unique phishing sites worldwide.
Types of phishing attacks
As cyber crime becomes a significant threat, cyber attacks take on different shapes and platforms. The most widespread type of phishing scam in 2022 was bulk phishing, with around 85 percent of companies worldwide
experiencing it.
Cyber attacks that use mobile phones to deliver phishing are called smishing. In 2022, around three in four organizations worldwide
reported having experienced this type of attack. In the same year, Peru had
the highest share of users experiencing mobile phishing attacks with credential theft, followed by the Bahamas.
Another form of phishing, business e-mail compromise (BEC) attacks, was
commonly detected in the Americas. These scams were primarily
delivered in the form of luring.
In vishing attacks, also considered social engineering attacks, threat actors use phones to extract confidential information from victims. Seven in ten organizations reported
experiencing vishing scams in the most recent measured period.
Which industries are targeted by phishing attacks?
In the fourth quarter of 2022, financial institutions were the
biggest target of phishing attacks, followed by software services, and webmail. Delivery services were also vulnerable to phishing attacks, as in 2022 over 27 percent of overall detected phishing attacks
targeted these companies.
Regarding financial impact through phishing attacks, business and professional services and the media and entertainment sector had the
highest losses.
In phishing simulations in worldwide organizations, the engineering sector showed the
highest failure rate among other industries, followed by aerospace and mining.
Brand impersonation in phishing
In phishing attacks, threat actors often use well-known brands' names to gain a victim's trust faster. This form of phishing is also called spoofing. In October 2022, almost 600 brand names
were involved in phishing attacks worldwide. Microsoft, Google, and Yahoo were the most
commonly used brand names in spoofing. PayPal was the most
frequently used payment system in phishing attacks, with over 84 percent of such attacks having some referral to the service.
Phishing encounter in worldwide companies
When threat actors target companies, if successful, they can access a much larger amount of sensitive data than in the case of individuals. This is why organizations are under constant danger of phishing attempts. In the first quarter of 2023, nearly six in ten employee-reported e-mails had
the intention of credential theft. Downtime, business disruption, and sensitive data loss were
common consequences of cyber attacks for most organizations. Overall, companies with 250 to 499 employees felt this impact the strongest. Between 2001 and 2022, companies seem to have
improved customer and client data protection, as the share of firms experiencing a breach of customer or client data went from 54 to 44 percent in the measured period.
Phishing encounter in worldwide companies
Companies keep investing in cyber security, and
employee training is a good place to start with. In 2022, 44 percent of surveyed employees took part in computer-based, and 36 percent attended an in-person training. In the meantime, almost four in ten companies named the lack of automation and insufficient predictability the
main obstacles to preventing and responding to phishing attacks.
This text provides general information. Statista assumes no
liability for the information given being complete or correct.
Due to varying update cycles, statistics can display more up-to-date
data than referenced in the text.