Home » Security Bloggers Network » 20 Phishing Statistics to Keep You from Getting Hooked in 2019

20 Phishing Statistics to Keep You from Getting Hooked in 2019

by Casey Crane on July 24, 2019

Here’s the info you need to avoid the phishing scams that leave companies
reeling

If you read most of the 2018 and 2019 phishing statistics
articles, they typically start out the gate with a doom-and-gloom rehashing of
the costs of cybercrime in general and how it relates to email fraud. Or, the
author drones on about how phishing is on the rise and how more companies and
people are finding themselves on the hook after falling for the bait. (Essentially,
people either are becoming dumber or the crooks are all becoming smarter —
which we argue could go either way depending on the scenario, but let’s table
that discussion for another time.)

But we’re not going to do that here. You’ve seen it
enough on other sites, and we’d like to assume that’s the reason you’re on our
site and not theirs. You know we’re going to provide you with the numbers you
need — much like we did with our 2019
cyber security statistics and 2018
cybercrime articles. Today, we present the pure phish facts and phishing
stats without all of the drama.

So, without further ado — the 2019 phishing attacks
statistics you’ve been waiting for…

Let’s hash it out.

Phishing statistics 2019: breaking down the numbers

Something you’ve probably noticed is how much the very definition
of phishing, as well as phishing
attacks statistics seem to vary depending on the source of information. The
numbers and definitions will vary depending on whether you’re looking at
research from companies that create reports based on their clients’ data or you’re
reviewing official government data.

Sponsorships Available

Don’t misunderstand — we’re not saying that one source is
necessarily better than the other. Whether you’re looking at phishing statistics
from smaller cyber security companies, larger research firms, or even
government institutions, they all have their own merits and provide valuable
insights in different ways. It’s just important to just keep in mind that each
source may be a bit skewed one way or another. This is why we share phishing
stats and insights from multiple sources — each of these bits of
information serves as a piece of the larger puzzle. And, frankly, we want to
ensure you’re getting a view of the complete picture.

But enough about that — on to the numbers.

Phishing statistics: businesses and organizations

1 — Nearly one-third of all data breaches in 2018 involved
phishing

Verizon’s 2019 Data Breach
Investigations Report shows that 32% of the data breaches in 2018 involved
phishing activity. Furthermore, “phishing was present in 78% of Cyber-Espionage
incidents and the installation and use of backdoors.”

2 — One in 25 branded emails is a phishing email

Avanan, a cyber security platform, reports the
two most popular brands phishers pose as are Microsoft (42%) and Amazon (38%).

3 — 76% of organizations targeted by phishing in 2017

Wombat Security’s State
of the Phish 2018 report indicates that more than three-quarters of
surveyed organizations and businesses were targeted by phishing scams in that
year.

4 — 83% of global information security reported
experiencing phishing in 2018

Eighty-three
percent of global information security respondents experienced phishing attacks
in 2018, according to ProofPoint’s State of the Phish 2019 Report.

Phishing statistics: phishing methods

5 — 91% of cyberattacks in 2012 began with a spear phishing
email

Trend
Micro researchers found that more than 90% of targeted cyber attacks were
launched from spear phishing communications.

6 — URL phishing detections increased 269% in 2018

Trend
Micro reports that “attacks that capitalize on the human desire to respond
to urgent requests from authority are on the rise,” such as Business Email
Compromise (BEC) and phishing, with phishing URL detections increasing 269
percent over 2017.

7 — Phishing attacks on SaaS and webmail services
increases by 48% in Q4 2018

A Q1 2019
Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG)
shows that software-as-a-service (SaaS) and webmail services were the two most
attacked sectors in Q1 2019. Together, they accounted for 36% of all phishing
attacks during that quarter and even surpassed the payment services (27%)
category for the first time.

8 — 51% of phishing attacks contain links to malware

According to research
from Avanan, a cloud security platform, more than half of phishing attack emails
contain links to malware. Malware attacks, by far, represent the greatest
number of attacks. This is followed by credential harvesting, which represents
41% of phishing attacks.

9 — 48% of malicious email attachments are Microsoft
Office Files

Although Symantec’s 2019 Internet
Security Threat Report (ISTR) states that phishing levels have declined
over the past several years, the email malware rate has remained stable.
Microsoft Office users are the most at risk because hackers often disguise
their malware as Office file email attachments to trick them into clicking on
them.

10 —58% of phishing sites used SSL certificates

More than half of phishing sites were using SSL
certificates in Q1 2019, according to John LaCour, chief technology officer
(CTO) of PhishLabs. Quoted in the APWG’s Q1 2019 Phishing Activity Trends Report,
LaCour attributes this increase to the use of free domain validation (DV) SSL
certificates and the more widespread use of SSL in general.

Phishing statistics: the impacts of phishing attacks

11 — 65% of infosec pros identified credential
compromise as the most common impact of phishing

In its February 2019 Attack
Spotlight article, ProofPoint reports that more than two-thirds of surveyed
information security professionals reported compromised credentials as the
biggest impact of successful phishing attacks. This is an increase of 280%
since 2016.

12 — 30% of phishing emails bypass default security
measures

Avanan research indicates that 4% of all emails are
phishing emails. Furthermore, their research also shows that nearly one-third
of phishing messages get past companies’ default security methods.

13 — 95% of respondents said they offer end-user
training to employees

Ninety-five percent of survey respondents to ProofPoint’s
State of the Phish 2019 report said they offer cyber awareness training to end
users to help them identify and avoid phishing attacks. The most commonly used
methods of training include computer-based online training (83%) and simulated
phishing attacks (75%).

14 — A data breach with a lifecycle under 200 days
costs $1.2 million less than those over 200 days

IBM’s 2019
Cost of a Data Breach Report shows that the percentage chance of
experiencing a data breach within two years is 29.6%. According to the report,
“organizations today are nearly one-third more likely to experience a breach
within two years than they were in 2014.” Breaches can be caused by hacking,
phishing, or a variety of other cybersecurity attack methods.

Phishing statistics: by country

15 — Nearly 86% of all phishing attacks targets U.S.
entities

Phish
Labs’ 2018 Phishing Trends & Intelligence Report shows that the
percentage of U.S. targets that are the focus of phishing attacks continues to
increase, reaching 85.7% in 2018. The number increased from 81% the previous
year.

16 — Phishing Attacks on British organizations
decreased by 80% since 2014

The same Phish Labs trends and intelligence report shows
the phishing attack trend has been declining for British organizations and
institutions. While phishing attacks on the U.S., Colombia, Switzerland,
Turkey, and India increased, phishing attacks on Great Britain’s institutions
decreased by 80% between 2014 and 2017.

17 — 21.66% of phishing attacks tracked by Kaspersky
Labs targeted users in Brazil in Q1 2019

The Spam and
Phishing in Q1 2019 report from SecureList (Kaspersky Labs) indicates that
phishing attacks targeted users in Brazil most heavily compared to other
countries. This is measured by the share of users whose Anti-Phishing solutions
were triggered by users in those countries. The next most targeted country,
Australia, jumped up six slots to second place with 17.20% in the same time
period.

Phishing statistics: general statistics

18 — There were allegedly 26,379 victims of
phishing/vishing/smishing/pharming in 2018

The 2018
Internet Crime Report from the Internet Crime Complaint Center (IC3)
indicates that $48,241,748 was reportedly lost per victim due tophishing/vishing/smishing
attacks in the same year.

19 — Phishing attacks increase by 65% as success rate
of attacks increase globally

Avanan’s research shows that phishing attacks increased globally
by 65% between 2016 and 2017.

20 — Up to 1 million Emotet trojan phishing emails are
sent in a single day

ProofPoint researchers have seen an increase
in phishing emails containing the Emotet banking trojan as an attachments.
This trojan is particularly dangerous because it can capture every credential
on a compromised device, including those stored in browsers, and steal email
data as well.

Wrapping up our phishing attack statistics

As companies increasingly perform their business online
and rely more heavily on technology for communications, it’s expected that
phishing will continue to increase. However, as the above phish facts and
phishing stats show, the methods that cybercriminals are using and victims
they’re targeting in their phishing attacks are changing:

Cyber-espionage actors frequently employ
phishing attacks.
There is a growing use of malicious files and
HTTPS sites in phishing scams.
Phishing attacks on SaaS and webmail
organizations are on the rise.
Attacks on U.S. organizations and businesses are
increasing while some other western countries such as Great Britain are
decreasing.

Although we’re only half of the way through 2019, it’ll
be interesting to see what the rest of the year — and 2020 beyond that — holds
in store for the cyber security industry.