If you read most of the 2018 and 2019 phishing statistics\narticles, they typically start out the gate with a doom-and-gloom rehashing of\nthe costs of cybercrime in general and how it relates to email fraud. Or, the\nauthor drones on about how phishing is on the rise and how more companies and\npeople are finding themselves on the hook after falling for the bait. (Essentially,\npeople either are becoming dumber or the crooks are all becoming smarter \u2014\nwhich we argue could go either way depending on the scenario, but let\u2019s table\nthat discussion for another time.)<\/p>\n\n\n\n
But we\u2019re not going to do that here. You\u2019ve seen it\nenough on other sites, and we\u2019d like to assume that\u2019s the reason you\u2019re on our\nsite and not theirs. You know we\u2019re going to provide you with the numbers you\nneed \u2014 much like we did with our 2019\ncyber security statistics<\/a> and 2018\ncybercrime<\/a> articles. Today, we present the pure phish facts and phishing\nstats without all of the drama. <\/p>\n\n\n\n So, without further ado \u2014 the 2019 phishing attacks\nstatistics you\u2019ve been waiting for\u2026 <\/p>\n\n\n\n Let\u2019s hash it out.<\/span><\/p>\n\n\n\n Something you\u2019ve probably noticed is how much the very definition\nof phishing<\/a>, as well as phishing\nattacks<\/a> statistics seem to vary depending on the source of information. The\nnumbers and definitions will vary depending on whether you\u2019re looking at\nresearch from companies that create reports based on their clients\u2019 data or you\u2019re\nreviewing official government data. <\/p>\n\n\n\n Don\u2019t misunderstand \u2014 we\u2019re not saying that one source is\nnecessarily better than the other. Whether you\u2019re looking at phishing statistics\nfrom smaller cyber security companies, larger research firms, or even\ngovernment institutions, they all have their own merits and provide valuable\ninsights in different ways. It\u2019s just important to just keep in mind that each\nsource may be a bit skewed one way or another. This is why we share phishing\nstats and insights from multiple<\/em> sources \u2014 each of these bits of\ninformation serves as a piece of the larger puzzle. And, frankly, we want to\nensure you\u2019re getting a view of the complete picture. <\/p>\n\n\n\n But enough about that \u2014 on to the numbers.<\/p>\n\n\n\n 1 \u2014 Nearly one-third of all data breaches in 2018 involved\nphishing<\/strong><\/p>\n\n\n\n Verizon\u2019s 2019 Data Breach\nInvestigations Report<\/a> shows that 32% of the data breaches in 2018 involved\nphishing activity. Furthermore, \u201cphishing was present in 78% of Cyber-Espionage\nincidents and the installation and use of backdoors.\u201d<\/p>\n\n\n\n 2 \u2014 One in 25 branded emails is a phishing email<\/strong><\/p>\n\n\n\n Avanan, a cyber security platform, reports<\/a> the\ntwo most popular brands phishers pose as are Microsoft (42%) and Amazon (38%). <\/p>\n\n\n\n Wombat Security\u2019s State\nof the Phish 2018<\/a> report indicates that more than three-quarters of\nsurveyed organizations and businesses were targeted by phishing scams in that\nyear. <\/p>\n\n\n\n 4 \u2014 83% of global information security reported\nexperiencing phishing in 2018<\/strong><\/p>\n\n\n\n Eighty-three\npercent of global information security respondents experienced phishing attacks\nin 2018, according to ProofPoint\u2019s State of the Phish 2019 Report<\/a>. 5 \u2014 91% of cyberattacks in 2012 began with a spear phishing\nemail<\/strong><\/p>\n\n\n\n Trend\nMicro researchers<\/a> found that more than 90% of targeted cyber attacks were\nlaunched from spear phishing communications. <\/p>\n\n\n\n 6 \u2014 URL phishing detections increased 269% in 2018<\/strong><\/p>\n\n\n\n Trend\nMicro reports<\/a> that \u201cattacks that capitalize on the human desire to respond\nto urgent requests from authority are on the rise,\u201d such as Business Email\nCompromise (BEC) and phishing, with phishing URL detections increasing 269\npercent over 2017.<\/p>\n\n\n\n 7 \u2014 Phishing attacks on SaaS and webmail services\nincreases by 48% in Q4 2018<\/strong><\/p>\n\n\n\n A Q1 2019\nPhishing Activity Trends Report<\/a> from the Anti-Phishing Working Group (APWG)\nshows that software-as-a-service (SaaS) and webmail services were the two most\nattacked sectors in Q1 2019. Together, they accounted for 36% of all phishing\nattacks during that quarter and even surpassed the payment services (27%)\ncategory for the first time.<\/p>\n\n\n\n 8 \u2014 51% of phishing attacks contain links to malware<\/strong><\/p>\n\n\n\n According to research<\/a>\nfrom Avanan, a cloud security platform, more than half of phishing attack emails\ncontain links to malware. Malware attacks, by far, represent the greatest\nnumber of attacks. This is followed by credential harvesting, which represents\n41% of phishing attacks. <\/p>\n\n\n\n 9 \u2014 48% of malicious email attachments are Microsoft\nOffice Files<\/strong><\/p>\n\n\n\n Although Symantec\u2019s 2019 Internet\nSecurity Threat Report<\/a> (ISTR) states that phishing levels have declined\nover the past several years, the email malware rate has remained stable.\nMicrosoft Office users are the most at risk because hackers often disguise\ntheir malware as Office file email attachments to trick them into clicking on\nthem. <\/p>\n\n\n\n 10 \u201458% of phishing sites used SSL certificates<\/strong><\/p>\n\n\n\n More than half of phishing sites were using SSL\ncertificates in Q1 2019, according to John LaCour, chief technology officer\n(CTO) of PhishLabs. Quoted in the APWG\u2019s Q1 2019 Phishing Activity Trends Report,\nLaCour attributes this increase to the use of free domain validation (DV) SSL\ncertificates and the more widespread use of SSL in general.<\/p>\n\n\n\n\n\n 11 \u2014 65% of infosec pros identified credential\ncompromise as the most common impact of phishing <\/strong><\/p>\n\n\n\n In its February 2019 Attack\nSpotlight article<\/a>, ProofPoint reports that more than two-thirds of surveyed\ninformation security professionals reported compromised credentials as the\nbiggest impact of successful phishing attacks. This is an increase of 280%\nsince 2016.<\/p>\n\n\n\n 12 \u2014 30% of phishing emails bypass default security\nmeasures<\/strong><\/p>\n\n\n\n Avanan research indicates that 4% of all emails are\nphishing emails. Furthermore, their research also shows that nearly one-third\nof phishing messages get past companies\u2019 default security methods. <\/p>\n\n\n\n 13 \u2014 95% of respondents said they offer end-user\ntraining to employees <\/strong><\/p>\n\n\n\n Ninety-five percent of survey respondents to ProofPoint\u2019s\nState of the Phish 2019 report said they offer cyber awareness training to end\nusers to help them identify and avoid phishing attacks. The most commonly used\nmethods of training include computer-based online training (83%) and simulated\nphishing attacks (75%). <\/p>\n\n\n\n 14 \u2014 A data breach with a lifecycle under 200 days\ncosts $1.2 million less than those over 200 days<\/strong><\/p>\n\n\n\n IBM\u2019s 2019\nCost of a Data Breach Report<\/a> shows that the percentage chance of\nexperiencing a data breach within two years is 29.6%. According to the report,\n\u201corganizations today are nearly one-third more likely to experience a breach\nwithin two years than they were in 2014.\u201d Breaches can be caused by hacking,\nphishing, or a variety of other cybersecurity attack methods. <\/p>\n\n\n\n 15 \u2014 Nearly 86% of all phishing attacks targets U.S.\nentities<\/strong><\/p>\n\n\n\n Phish\nLabs\u2019 2018 Phishing Trends & Intelligence Report<\/a> shows that the\npercentage of U.S. targets that are the focus of phishing attacks continues to\nincrease, reaching 85.7% in 2018. The number increased from 81% the previous\nyear. <\/p>\n\n\n\n 16 \u2014 Phishing Attacks on British organizations\ndecreased by 80% since 2014<\/strong><\/p>\n\n\n\n The same Phish Labs trends and intelligence report shows\nthe phishing attack trend has been declining for British organizations and\ninstitutions. While phishing attacks on the U.S., Colombia, Switzerland,\nTurkey, and India increased, phishing attacks on Great Britain\u2019s institutions\ndecreased by 80% between 2014 and 2017. <\/p>\n\n\n\n 17 \u2014 21.66% of phishing attacks tracked by Kaspersky\nLabs targeted users in Brazil in Q1 2019<\/strong><\/p>\n\n\n\n The Spam and\nPhishing in Q1 2019<\/a> report from SecureList (Kaspersky Labs) indicates that\nphishing attacks targeted users in Brazil most heavily compared to other\ncountries. This is measured by the share of users whose Anti-Phishing solutions\nwere triggered by users in those countries. The next most targeted country,\nAustralia, jumped up six slots to second place with 17.20% in the same time\nperiod. <\/p>\n\n\n\n 18 \u2014 There were allegedly 26,379 victims of\nphishing\/vishing\/smishing\/pharming in 2018<\/strong><\/p>\n\n\n\nPhishing statistics 2019: breaking down the numbers<\/h2>\n\n\n\n
Phishing statistics: businesses and organizations<\/h3>\n\n\n\n
\n3 \u2014 76% of organizations targeted by phishing in 2017<\/strong><\/p>\n\n\n\n
\n
\n<\/p>\n\n\n\nPhishing statistics: phishing methods<\/h3>\n\n\n\n
Phishing statistics: the impacts of phishing attacks<\/h3>\n\n\n\n
Phishing statistics: by country<\/h3>\n\n\n\n
Phishing statistics: general statistics<\/h3>\n\n\n\n