Stunningly Scary Phishing Statistics – an Ever-growing Threat

If you’re in the hosting industry, you’re probably keeping a vigilant eye on the latest cybersecurity trends.

At Hosting Tribunal, we’re doing the same, and we’ve recently explored the threats of DDoS attacks and data breaches.

Today, we’re going to have a look at phishing attacks.

But what exactly are they?

Phishing is a malicious attempt to obtain sensitive personal information – such as usernames, passwords, and credit card details. Hackers usually pretend to be respectable people or organizations in electronic communication.

It’s incredibly common and damaging to users and businesses, as you’ll see when you’ve studied the following:

Fascinating Phishing Statistics

These impressive stats should give you an idea of just how widespread phishing is and how much companies stand to lose from successful phishing attacks.

  • Phishing attempts grew by 65% in 2017. (Source: dashlane blog)
  • Nearly 1.5 million phishing sites are created each month. (Source: dashlane blog)
  • 76% of businesses reported being a victim of a phishing attack in 2018. (Source: Proofpoint)
  • 92% of malware is delivered via email. (Source: Alert Logic)
  • In 2017, the average user received 16 phishing emails per month. (Source: Alert Logic)
  • 95% of attacks on business networks are the result of successful spear phishing. (Source: ExplainHowNow)
  • The average cost of a phishing attack to a mid-sized company is $1.6 million. (Source: dashlane blog)

Phishing is on the rise, and hackers now target the vast majority of businesses, regardless of size. What’s more, average users are not spared either, receiving a growing amount of spam mail each week.

How Big Is Phishing?

Not all spam consists of phishing emails, but it’s safe to assume a spam message might be a phishing attempt. And there are tons of it, cluttering inboxes far and wide, as these phishing stats clearly show.

  • Spam is 45% of all emails sent. (Source: Propeller)
  • About 14.5 billion spam emails are sent every day. (Source: Propeller)
  • Spam costs businesses a mind-blowing $20.5 billion every year. (Source: Propeller)
  • Germany was the most targeted country by malicious mailshots in Q3 2018, with 9.83% of the total. (Source: Kaspersky Lab)
  • In January 2017, a Gmail phishing scam targeted nearly 1 billion users worldwide. (Source: dashlane blog)
  • In Q3 2018, the anti-phishing system prevented more than 137 million redirects to phishing sites. (Source: Kaspersky Lab)
  • In 2017, spear-phishing emails were the most widely used infection method, employed by 71% of hacker groups which carried out cyber attacks. (Source: Varonis)

Nearly half of all emails are spam, and a lot of them are malicious. Hackers have perfected targeting specific, usually high-profile individuals with customized and increasingly sophisticated phishing attacks.

Consequently, more and more companies are relying on anti-phishing software, as phishing statistics for 2019 demonstrate.

How Frequent Is Phishing?

While it’s impossible to ascertain how many phishing emails are sent each day, we know most people receive spam mail on a more or less daily basis. Quite a bit of it comes from hackers.

  • Phishing attempts grew by 65% in 2017. (Source: dashlane blog)
  • 30% of phishing messages are opened by targeted users, and 12% of those users click on the malicious attachment or link. (Source: dashlane blog)
  • The most effective phishing campaigns target Dropbox, with a 13.6% click rate. (Source: Propeller)

Phishing stats and facts tell us the first known phishing technique appeared in a paper delivered to the 1987 International HP Users Group. Given how long phishing has been around, it’s surprising users still open nearly a third of phishing messages. Dropbox users are particularly vulnerable.

Phishing Growth Trends

Let’s look at some of the most recent phishing stats, which highlight its impressive growth.

  • Phishing attacks grew by 27.5% in Q3 2018. (Source: TechRadar)
  • In 2018, phishing and fraud intensified in October, November, and December, with incidents jumping over 50% from the annual average. (Source: F5)
  • An F5 Labs report from 2018 found phishing to be the root cause of 48% of breach cases. (Source: F5)
  • Stripe, a popular payment processor, witnessed a 1267% growth in phishing targeting in September-October 2018, making it the top target. (Source: F5)
  • AppRiver identified over 1 million Business Email Compromise messages in the first six months of 2018. (Source: HOXHUNT)

Phishing attacks in 2018 were a leading cause of data breaches. Payment processors are among the most targeted businesses.

Why tho, you might be wondering?

They simply give attackers the best ROI for their time and effort. A successful cyber attack on a payment processor can provide hackers with sensitive credit card details. Then they can get that Netflix subscription for free.

What’s more, phishing attacks in the US tend to peak during the holiday season, mirroring the corresponding consumer spending patterns.

How Costly Is Phishing?

Given how common and frequent phishing attacks are, you shouldn’t be surprised at their staggering cost.

  • The average cost of a phishing attack to a mid-sized company is $1.6 million. (Source: dashlane blog)
  • Phishing emails are responsible for 94% of ransomware and $132,000 per business email compromise incident. (Source: Phish Insight)
  • In 2018, a breach that involved tampering with or unauthorized access to an application cost $2 million more than a personally identifiable information breach on average. (Source: F5)
  • North Korean national Park Jin Hyok carried out a successful multi-layer attack using phishing as its initial attack vector and stole $81 million from a Bangladesh bank. (Source: F5)
  • In 2018, Google and Facebook lost $100 million as a result of an email phishing scheme. (Source: Inc.)

Successful high profile attacks don’t just count towards phishing crime stats – they usually make the headlines.

Even so, small and mid-sized companies suffer just as much. Ransomware can be particularly damaging, with a high ransom demand for each cyber attack.

Types of Phishing

There are several different types of phishing. Let’s go over some of them.

  • Phishing scams target personal identity and financial information.
  • Brand phishing targets consumer credentials.
  • IT/SaaS phishing targets access to organizations’ credentials and data.
  • Spear phishing, the most common type of phishing, targets individual users.
  • Office 365 identified 8 million business compromise attempts between January and September 2018. (Source: Microsoft)
  • Office 365 blocked 5 billion phishing emails in 2018. (Source: Microsoft)

As we’ve already mentioned, and as spear phishing statistics show – well-tailored, comprehensive spear phishing strategies can be especially devastating. In order to offer better protection to its customers, Office 365 has had to develop equally sophisticated defense methods. They delivered some impressive results in 2018.

Phishing Impact on Businesses and Prime Targets

Even though spear phishing attacks might mostly target high-profile individuals, no industry is safe from cybercriminals’ malicious intent. Let’s check out some more phishing attack stats to see who the chief targets are.

  • 76% of businesses reported being a victim of a phishing attack in 2018. (Source: Proofpoint)
  • Global internet portals were the most targeted business category in Q3 2018, with 32.27% of all attacks. (Source: Kaspersky Lab)
  • Banks were the second most targeted business category in Q3 2018, with 18% of all attacks. (Source: Kaspersky Lab)
  • Payment systems were the third most targeted business category in Q3 2018, with 10% of all attacks. (Source: Kaspersky Lab)
  • IT companies were the fourth most targeted business category in Q3 2018, with 7% of all attacks. (Source: Kaspersky Lab)
  • In Q3 2018, SecureList registered attacks against 131 universities in 16 countries worldwide. (Source: SecureList)
  • Guatemala was the country with the highest percentage of users attacked in Q3 2018, with 19%. (Source: Kaspersky Lab)

If you’ve come across phishing facts before, you may know there is a long history of hackers targeting global internet portals.

For example:

Back in the mid-1990s, AOL was closely associated with the “warez” community that used to distribute unlicensed software and computer games. Nowadays, global internet portals remain the top target of phishing attacks, followed by financial services and IT companies.

Universities around the world are also a popular target for phishing scams in 2019.

Primary Reasons for Phishing Attacks

So, why do hackers launch so many phishing attacks?

  • According to Intel, 97% of people around the world are unable to identify a sophisticated phishing email. (Source: Dashlane blog)
  • Only 33% of US companies are looking into adopting automated email analysis to counter phishing attacks. (Source: Teiss)
  • 23% of UK companies report more than 500 suspicious emails each week. (Source: Teiss)

These are some massive phishing statistics.

It turns out the vast majority of people worldwide can’t tell the difference between a well-crafted phishing email and the real McCoy!

To make matters worse, US companies are slow to adopt automated anti-phishing techniques, even if their European counterparts are more proactive (59%).

Popular Phishing Lures and Techniques

What are some of the ways hackers try to trick you into opening that malicious email? Phishing statistics highlight these as some of the most common phishing lures you should keep an eye out for:

  • Over 50% of phishing attacks in 2018 used SSL certificates. (Source: SECTIGO)
  • Users of the mobile Facebook site were hit by a URL padding phishing attack in June 2017. It involved padding the URL with hyphens to mask the real website that was being visited. (Source: SpamTitan)
  • The Cofense Intelligence platform identified the use of “attached invoice” as the top phishing lure in Q3 2018, with 4,796 reported emails. (Source: SpamTitan)
  • The Cofense Intelligence platform identified the use of “payment notification” as the second most popular phishing lure in Q3 2018, with 2,267 reported emails. (Source: SpamTitan)
  • The KnowBe4 Platform identified “You have a new encrypted message” as the most common real-world phishing attack in Q3 2018. (Source: SpamTitan)
  • The KnowBe4 Platform identified “IT: Syncing error – Returned incoming messages” as the second most common phishing attack in Q3 2018. (Source: SpamTitan)

Pretty much everyone has come across some version of the “Nigerian prince would like to offer you $60 million if you give him your bank details” email scam. Cybercriminals tend to rely on lures mentioning payment of some kind to excite users and manipulate their emotions.

Some Scam Stats

Scams are another potential threat associated with phishing.

  • China generated the most spam in Q3 2018, with 13.47% of the total. (Source: Kaspersky Lab)
  • In 2016, 3% to 7% of Airbnb’s 80 million stays ran into trouble, with 15.4% due to scams. (Source: Business Insider Australia)
  • According to phishing statistics, .com was the top phishing TLD in 2018. (Source: Wandera)
  • .ga (the country code for Gabon) was the second most popular phishing TLD in 2018. (Source: Wandera)
  • .tk (the country code for Tokelau) was the third most popular phishing TLD in 2018. (Source: Wandera)
  • .ml (the country code for Mali) was the fourth most popular phishing TLD in 2018. (Source: Wandera)
  • .cf (the country code for the Central African Republic) was the fifth most popular phishing TLD in 2018. (Source: Wandera)

Dot-com apart, what do these domains have in common?

First, they’re the country codes of somewhat lesser known countries from the developing world.

Second, they’re free, so anyone can get one without paying a single dime. Great news if you’re a scammer! If you’re not, you should take these statistics on phishing attacks seriously and beware of country codes you’re unfamiliar with.
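As an added example (not part of the original article), here is one way a mail or web filter could flag the hyphen-padded URLs described under phishing lures and the free country-code TLDs listed above. The thresholds, the function name `analyze_url` and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# TLDs the article names as top phishing TLDs in 2018 after .com (Source: Wandera).
FREE_CCTLDS = {"ga", "tk", "ml", "cf"}
HYPHEN_RUN = 4         # assumption: 4+ consecutive hyphens counts as padding
NARROW_BAR_CHARS = 20  # assumption: characters visible in a mobile address bar


def analyze_url(url: str) -> dict:
    """Return the displayed prefix, the real domain tail and warning flags."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".") if host else []
    # Approximation: the last two labels. A production check would use the
    # Public Suffix List to find the registrable domain.
    real_domain = ".".join(labels[-2:])
    flags = []
    # Padding shows up as a long run of hyphens inside one DNS label.
    if any("-" * HYPHEN_RUN in label for label in labels):
        flags.append("hyphen-padding")
    if labels and labels[-1] in FREE_CCTLDS:
        flags.append("free-cctld")
    visible = host[:NARROW_BAR_CHARS]
    # The lure works when the real domain is pushed out of the visible part.
    if len(host) > NARROW_BAR_CHARS and real_domain not in visible:
        flags.append("real-domain-hidden")
    return {"visible": visible, "real_domain": real_domain, "flags": flags}


# Constructed sample URLs (not taken from any real campaign).
SAMPLES = [
    "https://m.facebook.com----------------secure-login.placeholder.tk/",
    "https://www.example.com/account",
    "http://pay.placeholder.ml/invoice",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, analyze_url(sample))
```

On the first sample a narrow address bar shows only `m.facebook.com------`, while the host actually belongs to `placeholder.tk`.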

Best Ways to Stay Safe

These are some of the top tips to follow in order to avoid falling prey to a phishing attack:

  • In 2018, companies that ran 11 or more training campaigns on phishing awareness reduced click-through rate to 13%. (Source: F5)
  • Security software can be a highly effective, easy to implement email filtering solution. It blocks more than 99.9% of spam and phishing emails and 100% of known malware through dual antivirus engines. (Source: SpamTitan)
  • According to email scam stats, emails which ask you to confirm personal information, do not appear to have genuine addresses, are poorly written, have suspicious attachments, or intend to make you panic have a high chance of being phishing emails. (Source: StaySafeOnline)

Companies which commit to systematically raising their employees’ awareness of scams and phishing clearly reap the benefits. When paired with the use of security software, it can significantly reduce the risk of successful cyber attacks.

For their part, individual users should learn to recognize the warning signs.

And on that note, it’s time for a quick:

Wrap-up

Phishing attacks in 2019 are a growing threat to users and businesses alike.

Here’s the bottom line:

No one is safe from hackers’ fraudulent attempts – not even the richest, most influential enterprises like Google and Facebook.

What to do about it?

Raising employee awareness and investing in anti-phishing software is a good place to start. Without a doubt, these mind-blowing phishing statistics will provide you with plenty of food for thought in that regard.
