30 Staggering Phishing Statistics to Make You Pay Attention

The latest phishing statistics show that this type of online scam became prevalent during 2020. As a result, many organizations and individuals suffered costly attacks. Unfortunately, many people still believe that clicking on any links in emails is safe.

What’s more, phishing doesn’t only happen in the emailing space. Today, attackers expanded their operations to mobile phones and social media. Check out these statistics and remain cautious of the SMS that comes from your bank.

Top Phishing Facts (Editor’s Choice)

  • A total of 75% of organizations globally experienced phishing attacks.
  • Microsoft is the most impersonated brand when it comes to phishing attempts, in 43% of cases.
  • Almost 20% of all employees would click a phishing link.
  • Businesses around the world lose about $17,700 every minute because of phishing.
  • More than 60% of Americans know a victim of a phishing attack.
  • About 15% of people who were successfully scammed will be targeted at least once more in 12 months.
  • Business email compromise scammers earned more than $1.8 billion in 2020.
  • In general, 85% of phishing attacks occur via other channels besides emails.

Phishing attacks became more common during the pandemic. So much so that Google registered over two million new phishing websites. Additionally, whaling attacks also increased. Here’s what the statistics say.

1. Phishing was the most common attack in 2020, with incidents doubling in frequency from 2019.

(Source: Tessian)

There were 114,702 phishing incidents in 2019, and in 2020, this number grew to 241,324. This makes phishing the most common type of cyber attack in 2020, especially since 43% of breaches involved it.

2. In general, 85% of phishing attacks occur via other channels besides emails.

(Source: Security Magazine)

There are many types of phishing attacks, and not all happen via email. A total of 85% of phishing attacks happen via other channels, like messaging, gaming, and social and productivity apps. For example, SMS phishing (smishing) and voice phishing (vishing) are new forms of attacks.

3. A total of 75% of organizations globally experienced phishing attacks.

(Source: Tessian)

Phishing was also pointed towards big companies, and 75% of them globally experienced phishing attacks, according to phishing statistics. Additionally, 35% experienced spear phishing, and 65% suffered business email compromise (BEC).

4. Overall, 74% of organizations in the US experienced a successful phishing attack.

(Source: Tessian) 

Still, there’s a slight difference between an attempt and a successful attack. Overall, 74% of organizations in the US suffered a successful phishing attack. Compared to the global average, this number is 30% higher. According to phishing facts, it’s also 14% higher than last year.

5. About 96% of phishing attacks were delivered via email.

(Source: Tessian)

It seems that emails remain a preferred method of delivering a phishing attack, in 96% of cases. Another 3% happened via malicious websites, and only 1% via mobile phones.

6. Windows executables are the most common malware files attached to emails, in 74% of cases.

(Source: Tessian)

When it comes to the most common malware attached to emails, cyber attack statistics show it was Windows executables, in 74% of cases. The second most common attachments were script files, in 11% of cases. Finally, the least used were Android executables, in less than 1% of attacks. 

7. Microsoft is the most impersonated brand when it comes to phishing attempts, in 43% of cases.

(Source: Expert Insights)

Scammers often impersonate a well-known organization or a company. According to the latest data, Microsoft is the most impersonated company, in a total of 43% of phishing emails. Phishing statistics for 2020 also show that the reason behind this could be that many other organizations have relied on Microsoft’s cloud applications since the start of the pandemic. 

8. A total of 60% of organizations suffered a loss of data because of phishing.

(Source: Tessian)

When it comes to the impact of phishing attacks on organizations, 60% lost their data. A total of 52% had compromised credentials or accounts, and 47% were attacked by ransomware. However, only 18% of companies suffered financial loss. 

9. Whaling attacks rose by 200% in 2017.

(Source: Varonis)

According to the most recent phishing stats, whaling attacks increased by 200% in 2017. A whaling attack is defined as spear-phishing, but the targets are bigger—high-level executives or a broader group of victims. 

(Source: Expert insights)

What’s even worse is that 20% of employees are likely to click on a phishing link. However, the problems don’t end here. Overall, 67.5% would then enter their credentials on a phishing website, business email compromise statistics show. 

11. Sony Pictures suffered the largest phishing attacks and lost over $100 million.

(Source: Inky)

Hackers attacked Sony Pictures by posing as employees’ colleagues on LinkedIn. They sent malicious emails with malware, which resulted in 100 terabytes of stolen data and a damage of $100 million. Google, Facebook, the Ukrainian power grid, and many other companies also faced some of the biggest phishing attacks to date.

12. Google registered 2.02 million phishing websites as of January 2020.

(Sources: Tessian; Forbes)

Ever since 2016, phishing has been connected to the leading type of unsafe website. Today, there are 75x more phishing websites than malware sites. Additionally, statistics show that Google registered 2.02 million phishing websites as of January 2020. However, that number grew to 2,145,013 phishing websites in January 2021.

Phishing Victims Statistics 

Everyone can become a victim of phishing. Unfortunately, some people are more aware than others. For example, UK citizens are the best informed about what phishing is. Still, countries with the highest risk are in Europe and Africa. 

(Source: Keepnet Labs)

The good thing to note is that 78% of people are aware of the risks of clicking on unknown links. Still, internet fraud statistics show that they click on the links regardless of what they know.

14. United Kingdom citizens are the most aware of what phishing is, a total of 69% of them.

(Source: Tessian)

The latest data shows that phishing awareness varies based on the region. The residents of the UK appear to be the most aware of what a phishing attack is, with 69% of them knowing the definition of phishing. Australia and Japan share a second spot, with 66% of people being aware of what phishing is.

15. About 42% of the attackers target people in the US.

(Source: Duo)

Phishing demographics show that a total of 42% of attackers target US citizens. On the other hand, just 10% aim for the people in the UK. Still, the countries with the highest risk remain centered in Europe and Africa.

16. More than 61% of Americans think that a screenshot of a phishing website is a real site.

(Source: PR Newswire)

In the research conducted by Avast, respondents were shown two similar screenshots of Amazon login pages, where one screenshot was from a phishing website and one from a legit one. The statistics on phishing based on this survey showed that 61% of respondents failed to differentiate the phishing website from a real one. 

17. A total of 76% of business owners say they have felt more exposed to frauds since the pandemic started.

(Source: Expert Insights)

Ever since the pandemic and the lockdowns started, more businesses have suffered cyber attacks since many moved their operations online. This led to 76% of business owners claiming they were more exposed to frauds, phishing attacks statistics show.

18. About 15% of people who were successfully scammed will be targeted at least once more in 12 months.

(Source: Hive Systems)

Overall, about 15% of people who went through the online scam will become a target once more in the following 12 months. Still, the latest email filtering technology might help prevent these attacks.

Cost of Phishing Attacks 

During the last few years, the costs of phishing attacks increased, reaching the highest levels so far in 2021. Businesses are so endangered that many end up losing more than $17,000 each minute. 

19. Businesses around the world lose about $17,700 every minute because of phishing.

(Source: Tessian)

Phishing attacks remain among the most expensive breaches. So much so that many businesses around the world lose about $17,700 each minute because of phishing. On average, phishing attacks cost businesses $4.65 million, according to 2021 phishing statistics.

20. There was a 10% increase in the average cost of a data breach between 2020 and 2021.

(Source: Tessian)

Overall data breach costs increased from $3.86 million to $4.24 million, and there was a 10% increase in the average costs from 2020 to 2021. What’s more, this is the largest single-year cost increase in the last seven years, based on the latest hacking statistics.

21. Business email compromise scammers earned more than $1.8 billion in 2020.

(Source: FBI Internet Crime Report)

According to the FBI data, business email compromise (BEC) attacks cost companies a total of $1.8 billion in 2020. There were 19,369 incidents reported to the Internet Crime Complaint Center, and this attack is usually conducted by compromising legitimate business emails through social engineering. 

22. The average cost of a phishing attack reached $14.8 million for US companies.

(Source: Cybersecurity Dive)

The overall financial effect of phishing attacks quadrupled in the last six years, reaching $14.8 million in 2021. Additionally, companies spend about $6 million annually to deal with business email compromise attacks, and this number includes $1.17 million in illicit payments to attackers. The costs to protect credentials also increased, reaching $692,531 in 2021.

Social Media Phishing Statistics

Unfortunately, phishing isn’t reserved only for emails. Attackers will use any platform that allows them to send a phishing message, including social media. However, some social networks are more suitable for attacks than others.

(Source: Atlas VPN)

At the moment, LinkedIn is one of the most common places where phishing attacks occur. This platform has an average 47% open rate of messages and links, statistics on phishing attacks show.

24. Overall, more than 5% of phishing attacks happen on social media.

(Source: SectigoStore)

In general, one in 20 phishing attacks happens on social media platforms. In general, about 5% of total phishing attacks happen on social media. This makes social media networks just another place where attackers lure their victims.

25. Social media-enabled scams generate at least $3.25 billion of global annual revenue.

(Source: SectigoStore)

Overall, social engineering statistics show that social media platforms are a tool hackers love to use. In general, social media-enabled crimes and scams generate at least $3.25 billion annual global revenue. What’s more, 12% of suspicious phishing links were accessed directly via messenger.

26. In 2019, a staggering 78% of organizations in the US reported social media phishing attacks.

(Source: SectigoStore)

Based on the latest data, not only individuals are victims of phishing attacks on social media. Organizations also suffer from social media phishing. For example, in the US, 78% of businesses were attacked in 2019.

Mobile Phishing Statistics 

These statistics show that phishing attacks expanded to all venues. Today, victims receive SMS and even phone calls from scammers who are looking to steal or verify their personal information.

27. SMS phishing scams grew 328% during 2020.

(Safety Detectives)

Even though the term ‘smishing’ was created in 2006, it wasn’t used up until recently. During 2020, smishing attacks grew 328%, and the pandemic is often used in SMS attacks, 2020 phishing attack statistics show.

28. A total of 44% of Americans reported an increase in phone calls and SMS scams during the first two weeks of quarantine.

(Source: SafetyDetectives)

Still, SMS wasn’t the only way attackers tried to get to their victims. Besides SMS, scam phone calls were also highly present during the first two weeks of lockdown in the US. Additionally, hackers often use fake local numbers to get people to answer and provide data, according to phishing attack statistics.

29. Over 28% of scam calls target the victim’s personal data.

(Source: CKD3)

When it comes to voice phishing or vishing, 28% of attacks target the victim’s personal data. Additionally, 75% of people received phone calls from scammers who already had some private information. Unfortunately, 75% of scam victims said attackers could verify their complete social security number, according to the latest voice phishing scam statistics.

30. Overall, 84% of organizations were victims of mobile phishing attacks.

(Source: Proofpoint)

Just like with social media attacks, individuals aren’t the only ones suffering. About 84% of organizations were also the victims of mobile phishing attacks. This data only shows that mobile-based phishing attacks are on the rise.


Based on the definition alone, many would think that phishing attacks aren’t that serious. However, according to phishing statistics, anyone can become a victim. What’s more, attackers are using not only emails but social media as well, pretending to be someone else. 

Unfortunately, too many people click on unfamiliar links, even though they know all the dangers of phishing. This leads to increased costs of phishing attacks, where hackers earn millions each year just for sending one malicious link to someone’s messenger or email.


There’s a belief that phishing attacks mostly happen to individuals and that the emails they receive are usually sent by a Nigerian prince looking to save his life. However, the situation is slightly different. 

Today, both individuals and businesses can become targets of a phishing attack. Unfortunately, many employees will click the malicious link and even enter the requested information on the website they land on. The most common targets are employees in wholesale trade, followed by manufacturing and healthcare industries.

There are many signs to pay attention to when it comes to phishing emails. The most common ones include strange tone and voice used to address the recipient, grammar and spelling errors, or inconsistent email address or website links. 

Additionally, some phishing emails may contain threats or sound like they’re calling for an urgent reaction. These emails also contain attachments. When it comes to mobile phishing, the messages may come from an unknown source, or the caller might have a heavy accent and ask for personal information over the phone.

There are several ways to protect a business from phishing attacks. The primary one is to install security software that will scan emails for suspicious links. Moreover, since many businesses have their workers in remote locations, it’s essential to educate and protect them as well.

Regular backups are also necessary. Businesses should also use passwords that expire and include multi-factor authentication for logging in to the company’s accounts. Additionally, educating the employees about phishing is a good approach.

Phishing emails and messages have many forms. Some phishing emails look like they’re sent by an individual looking for help. These emails may have a pleading tone or a threatening one, depending on what the sender is hoping to gain. 

Usually, the messages look like they’re from someone you know, like a bank, a credit card company, a social network platform, an online store, or a mobile app. These messages and emails will usually state that they noticed a strange activity or a problem with your account, prompting you to log in via the link. They might also contain fake documents.

Responding to a phishing email is dangerous. After you reply, the sender knows that the email has reached your inbox. They might send another email that will keep you alert. Additionally, the spam email can lead you away from the text and prompt you to click on a link. 

If you followed along and clicked, you’ll likely have to enter your information, and if you did that as well, then that info is now in the attacker’s hands. According to phishing statistics, the sender can also attach a virus or spyware to the original email and collect your data as you type it.