Phishing - Statistics & Facts
Phishing – a common term associated with e-mail fraud has emerged as one of the most prominent cyberattacks today. Victims are lured via fake correspondence, often in the form of e-mails or social media messages, leading to carefully constructed phishing sites. Such sites, often masquerading as log-in pages or online forms, then capture users’ data, which is subsequently used to commit online fraud or identity theft. It is also not uncommon for links in one of these cleverly disguised messages to create a gateway for malware to make its way into a system.
In 2023, nearly nine million phishing attacks were detected worldwide, and in the first quarter of 2024 only, there were nearly one million unique phishing sites worldwide.
With development of generative AI, writing a phishing e-mail has become easier. As a result, it takes a minimum effort to launch phishing campaigns. The best way to protect yourself is to use online protection tools, such as VPNs, tools that can monitor your data online, notify you about data leaks, and frequently scan your device.
Most common types of phishing attacks
The most widespread type of phishing scam in 2023 was bulk phishing, with around 86 percent of companies worldwide experiencing it. Cyberattacks that deliver phishing scams via text messages are called smishing. In 2023, around three in four organizations worldwide reported having experienced this type of attack. In the same year, business e-mail compromise (BEC) scams targeted nearly 21,500 victims in the United States. These scams were primarily delivered in the form of luring. In voice phishing or vishing attacks, also considered social engineering attacks, threat actors use phones to extract confidential information from victims. Seven in ten organizations reported experiencing vishing scams in the most recently measured period.The human error
Phishing attacks remain successful because despite the efforts to spread awareness and digital literacy among internet users, they still fall for it. In the work setting, falling for a phishing scam is often considered shameful and lack of professionalism. However, falling a victim for phishing e-mails can have different reasons – lack of time, being exhausted by too many e-mails, no reason not to believe the sender, or nothing obviously suspicious in the phishing e-mail. Research conducted in 2023 found that 10.4 percent of employees worldwide clicked on malicious links and over 60 percent of those who clicked, submitted a password on malicious websites. Moreover, employees at small organizations were more likely to click on malicious links. One of the obstacles to organizations’ security is the fact that employees continuously download and use collaboration tools that are not approved by the IT department.Brand impersonation and e-mail service abuse
IIn phishing attacks, threat actors often use well-known brands' names to gain victims’ trust faster. This form of phishing is also called spoofing. In March 2024, over 301 brand names were involved in phishing attacks worldwide.With development of generative AI, writing a phishing e-mail has become easier. As a result, it takes a minimum effort to launch phishing campaigns. The best way to protect yourself is to use online protection tools, such as VPNs, tools that can monitor your data online, notify you about data leaks, and frequently scan your device.
