email phishing scam

17 Shocking Phishing Statistics You Need to Read in 2023

Posted on |

Our personal information should remain personal. However, billions of phishing emails are sent every day, alarming phishing statistics reveal.

What’s worse:

We open many of them, resulting in hackers getting hold of our data.

Let’s learn more about how is phishing a security threat and the importance of being vigilant when it comes to our sensitive personal information.

Worrying Phishing Attacks Statistics (Editor’s Choice)

  • 3.4 billion phishing emails are sent every day worldwide.
  • 54.6% of all email consists of spam.
  • 25% of emails from brands consist of phishing emails.
  • 90% of data breaches are caused by phishing.
  • 91% of phishing threats begin with a phishing email.
  • 96% of phishing attacks have the purpose of gathering intelligence.
  • 500 million Kaspersky users were targeted by phishing attacks in 2018.

General Phishing Statistics

Phishing is the unethical and malicious act of baiting unsuspecting users for their personal information via emails, messages, or phone calls. And if your sensitive information falls into the wrong hands, it can result in a serious case of identity theft. 

Alternatively, there might be a lot of money missing from your bank accounts. 

Let’s see what the stats have to say about this.

1. Every day, 3.4 billion phishing emails are sent out worldwide.


According to Valimail’s new research, phishing is still one of the most common and significant types of cyberattacks. In fact, a whopping one trillion phishing emails are sent every year. The majority of threatening emails seem to originate from the US.

2. 1.385 million new phishing web pages are created every month.


Cybercriminals create an impressive 1.385 million phishing sites each month in hopes of entrapping unsuspecting users. The highest recorded number of phishing sites created was 2.3 million in May 2017

What this means is that cyber attackers are using more targeted and sophisticated efforts to increase their probability of success.

3. Phishing causes 90% of data breaches.


A recent Verizon phishing report shows phishing or social engineering is the main reason for compromised sensitive data. Hackers are interested in collecting user credentials and selling them on the dark web to more malicious parties who intend to use this data to cause harm. 

The impact of stolen identity can range from breach of social media to, more seriously, breach of your online banking, putting your hard-earned money at risk.

4. Scam statistics show that 91% of cyberattacks begin with a phishing email.


Cyberattacks are quite common these days, and they target both individuals and organizations. 

Let’s face it:

As long as you have sensitive information on the internet, you are at risk of a data breach. 

Phishing is the most prevalent form of cyber attack simply because it works, and it has been working over the past few years.

In fact, research shows that 95% of attacks in 2018 could have been avoided, as hackers are using the same old technique from the earlier days of phishing.

5. According to phishing stats, 74% of phishing attacks between October 2018 and March 2019 were credential phishing.


Credential phishing involves stealing people’s usernames and passwords. Typically, these types of phishing attacks are the hardest ones to catch, as emails appear completely normal and have no malicious intent. 

What’s more:

Many of these come from hackers hijacking business email accounts to look legitimate. This tactic is known as business email compromise (BEC). Since users think they can trust these businesses, they do not second guess about providing information. 

Nowadays, attackers also go as far as hosting phishing pages on sites like Microsoft Azure so that they can use domains ending in “”

6. Kaspersky found that almost 500 million users were hit with phishing attacks in 2018.


Phishing threats have been increasing over the years, with figures doubling between phishing statistics 2017 and 2018. The unsettling report by Kaspersky Lab shows that the company’s anti-phishing efforts stopped around 482 million attempts to visit malicious sites during 2018

Unfortunately, this number has increased considerably compared to the 236 million attempts blocked in 2017

Man researching phishing statistics

7. According to Kaspersky, phishing scam statistics for Q2 2019 saw 129.9 million phishing attacks.

(Tech Republic)

This high number was a 21% increase from Q2 2018. Kaspersky found that 12.3% of its users were targets of phishing emails.

8. In Q3 2019, global mail traffic experienced average percentage spam of 57.6%.

(Tech Republic)

This figure was an increase of 1.67% compared to phishing statistics 2018 in Q3, whereas the largest spam was experienced in May, with 58.7%


Cyberattacks stats show that the largest amount of spam comes from China with 23.7%. It’s followed by the US with 13.8%, Russia with 4.8%, and Brazil with 4.6%. That quarter, a total of 43.9 million harmful email attachments were detected.

9. Email facts show that 54.6% of all emails consist of spam.

(Alert Logic)

Consumers are at a high risk of opening a spam email. In fact, in 2017, the average user received 16 harmful emails every month

This means that even if you have a small business of, let’s say, 30 employees, there are 480 possibilities of an employee opening a spam email that could lead to a severe organization breach each month.

10. Phishing attacks statistics show that 96% of attackers have the goal of intelligence gathering.


Intelligence gathering is usually the attacker’s first motive. Based on Symantec’s phishing statistics for 2019, spear phishing is the most common type of phishing method, as it makes up two-thirds of phishing attacks. 

Spear-phishing is when the phisher sends fraudulent emails to a certain organization’s employees.

Specifically, spear phishing is more common (65%) than other methods like clone phishing, whaling, etc. Spear phishing has been known to work, as attackers spend time gathering information on targets to create a more personal relationship and ensure greater success.

11. Kaspersky found that 44% of attacks targeted banks, online shops, and payment systems.


The banking industry has made it convenient for us to access our bank information with online banking. Online shopping has also made it so easy for us to pay online, save money on great deals, and wait for the items to be delivered to our doorstep. 

Unfortunately, this has also opened many doors for hackers who use phishing as a method to get access to this information and use it for fraudulent activities. And this is why the majority of the attacks are targeted at banking-related systems online. 

More Alarming Phishing Statistics

12.  Recent studies on phishing attacks found that 25% of emails from brands consist of phishing emails.


Hackers prey on trust. So, their phishing activities include impersonating notable brands to trap unsuspecting users into giving up their credentials. 

Check this out:

Microsoft is the most common brand that 43% of hackers impersonate to trick users into trusting them. Click To Tweet

After Microsoft, Amazon comes in second place with 38%, followed by the banking and finance industry with 9.7%. Shipping companies such as DHL, FedEx, and UPS are also targeted with 2.5%

13.  Phishing was the main cause of breaches in the UK in 2019, phishing facts confirm.


45% of reports of data breaches to the United Kingdom Information Commissioner’s Office (ICO) involved cyber phishing. Unauthorized access was the second most prevalent, followed by hardware, software, ransomware, and malware misconfigurations. Forceful attacks on passwords also contribute to breaches in the UK.

14. Statistics on phishing attacks in 2019 show that 90% of cyber breaches in the UK were due to human error.

(Info Security)

Last year, there were 2,376 cyber breaches recorded by the UK ICO. Alarmingly, nine out of ten breaches were caused by user error. This percentage is peak when you compare it with the last couple of years, with 61% in 2017, and 87% in 2018

Clearly, we must be more vigilant when giving out personal information to trustworthy parties. 

15. Human error remains the highest cause of successful phishing attacks worldwide, as 97% of users fail to identify phishing emails.

(Security Affairs)

According to a study by Intel Security to measure consumer knowledge of the phishing threat and users’ ability in identifying an email cyberattack, only 3% of users can identify a potentially malicious email. 

Overall, the average score worldwide was 65.4%, highlighting the importance of employee vigilance in preventing recent phishing attacks. 

This study also highlighted something interesting: 

The majority of wrong responses were due to the legitimate email. The legitimate email urged users to “claim free ads.” Thinking that legitimate businesses do not often give away “free money,” many users failed to identify the legitimate email.

16. Smaller businesses of 1 to 250 employees are at a higher risk of malicious emails, phishing statistics reveal.


Symantec’s study involves various forms of email threats, including phishing, spam, and email malware. The study found that, for smaller organizations with 1 to 250 employees, the rate of malicious emails was roughly 1 in every 323 emails

As for organizations with more employees (1001-1500), the rate is 1 in every 823 emails.

And finally: 

17. Phishing attacks cost medium-sized businesses an average of $1.6 million apiece, according to fraud stats.


Not only are phishing attacks expensive for a medium-size business, but they also decrease productivity levels by 67%

On top of that, there is also a 54% loss of proprietary data, and another 50% damage to a company’s reputation

It gets worse:

Phishing attacks are not just costly. They can also have an overall negative effect on a business and its employees. This research has also revealed that at least 30% of phishing emails manage to bypass the company’s default security measures.


Q: How common is phishing?

Microsoft’s Security Intelligence Reports show phishing has increased by a whopping 250% since its last report. This report was based on Microsoft’s internal scan of 470 billion Office 365 email addresses. This shows that not only has phishing become incredibly common, but that hackers’ tactics have also evolved to be more innovative and sophisticated.

Q:  How many phishing attacks have there been in 2019?

As of Q2 2019, the number of phishing attacks recorded by Kaspersky stood at 129.9 million.

Q: How many emails are phishing?

1 out of every 25 emails that you receive from brands is a phishing email. Hackers disguise themselves as notable brands to prey on unsuspecting consumers to give up their personal information. Brands that hackers always impersonate include Microsoft, Amazon, Banks and Financial Institutions, and even logistics companies.

Q: What percentage of cyberattacks start with a phishing email?

91% of cyberattacks begin with phishing via email to unsuspected users. Phishing is usually the first step for hackers to get user credentials, and then it is all downhill from there. Phishing is also the most common method for a cyberattack because it has proven to work for hackers year after year.

Q: What percentage of successful cyberattacks were caused by someone falling for a phishing attack?

Studies in determining consumers’ knowledge of phishing threats have shown that 97% of participants fail to identify malicious from legitimate emails. Because of this, human error is the main cause of data breach for organizations worldwide.

Q: How many businesses are targeted by spear-phishing attacks each day?

Hackers attack an average of 2,224 times a day.

Q: How much money is lost to email scams every year?

Email scams that compromise businesses have cost organizations and businesses over $3 billion since 2016. In 2018, around $1.3 billion was lost, hacking statistics confirm. 


If you have been reading this article and thinking these shocking phishing statistics might not apply to you, think again. 

The thing is:

We all live on the internet these days, and we have plenty of precious information on there that is just one phishing email away from a data breach. 

Bottom line:

With human error being the major entryway for cyberattacks and given the prevalence of phishing, it is better to be safe than sorry.