Phishing is a type of social engineering attack in which cybercriminals attempt to trick victims into providing sensitive information, such as passwords, credit card numbers, or Social Security numbers. Because these attacks can result in data breaches, hefty penalties, and legal repercussions, they can be costly for businesses of all sizes.
In a phishing attack, the cybercriminal typically sends an email or a text message that looks like it came from a legitimate source, such as a bank, government agency, or an online retailer. The message may contain a link that, when clicked, redirects the victim to a fraudulent website. If the victim provides their sensitive information on the website, the cybercriminal can use the information to commit identity theft, fraud, or other crimes.
To help businesses defend against such attacks, we’ve compiled key phishing statistics that they should be aware of.
Most impersonated companies
According to Check Point Research, in the fourth quarter of 2022, Yahoo was the most impersonated brand in brand phishing attempts, accounting for 20% of all attacks. Yahoo was followed by DHL (16%), Microsoft (11%), Google (5.8%), and LinkedIn (5.7%). This shows how phishers are taking advantage of the popularity and reputation of large corporations to carry out attacks.
Prevalence of phishing attacks
According to Verizon’s 2023 Data Breach Investigations Report, 74% of data breaches involve the human element, including phishing and the use of stolen credentials. Among the different types of social engineering attacks, phishing accounted for 44% and was the top cause of confirmed data breaches.
In 2022, phishing was the most reported cybercrime, with 300,497 complaints. What’s more, IBM’s Cost of a Data Breach 2022 report found that phishing was the second most common way that hackers gained access to a company’s IT system.
Since companies shifted to remote and hybrid work arrangements, 80% of cybersecurity professionals have seen an increase in cyberthreats. Of these, 62% say that phishing scams have become more prevalent compared to other types of cyberthreats. Unfortunately, this trend is expected to continue in 2023 and beyond.
Industries targeted by phishing
KnowBe4’s 2023 Phishing By Industry Benchmarking study revealed that education, hospitality, insurance, healthcare, consulting, retail, and energy were the industries that were most targeted by phishing attacks.
The industry most at risk of a phishing attack varies with organization size:
- Small (1–249 employees): Education (32.7%)
- Mid-sized (250–999 employees): Hospitality (39.4%)
- Large (1,000+ employees): Insurance (52.3%)
Phishing delivery methods
While email remains the primary method for delivering phishing attacks, there are other communication platforms being used in such scams. IT professionals report that they’ve also experienced phishing attacks through video conferencing platforms (44%), workforce messaging platforms (40%), cloud-based file-sharing platforms (40%), and SMS (36%).
Moreover, with people spending more and more time on their phones, cybercriminals are launching more mobile-based attacks. In 2022, the number of mobile phishing threats increased by 50% compared to the previous year. The channels exploited for mobile phishing are typically less secure than email systems, so cybercriminals can easily use these to trick users and steal sensitive information.
Phishing email subject lines
KnowBe4’s report revealed that in the third quarter of 2022, phishing emails often had subject lines that exploit trust in reputable brands and the increasing reliance on remote work and cloud technologies. Examples of the most common subject lines used were related to equipment and software updates, mail notifications, delayed shipping, password expiration notices, and payment issues.
Phishing email attachments
According to the ESET Threat Report T2 2022, the most common types of attachments in phishing emails were malicious Windows executables (47%), script files (23%), Office documents (19%), PDF documents (6%), and shortcuts (4%).
Protect your business from phishing attacks with SpectrumWise’s email/spam protection and other cybersecurity solutions. Schedule a consultation with us today.