
- Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day.
- The use of stolen credentials is the most common cause of data breaches.
- Google blocks around 100 million phishing emails daily.
- Over 48% of emails sent in 2022 were spam.
- Over a fifth of phishing emails originate from Russia.
- Millennials and Gen-Z internet users are most likely to fall victim to phishing attacks.
- 83% of UK businesses that suffered a cyber-attack in 2022 reported the attack type as phishing.
- Phishing was the most common attack type against Asian organisations in 2021.
- The average cost of a data breach against an organisation is more than $4 million.
- One whaling attack costs a business $47 million.
Phishing Overview
Phishing is a type of cybercrime whereby cyber criminals send spam messages containing malicious links, designed to get targets to either download malware or follow links to spoof websites. These messages were traditionally emails, but are now also delivered through texts, social media and phone calls.
Phishing remains the most common form of cybercrime. Of UK businesses that suffered a cyber-attack in 2022, 83% say the attack was phishing.
Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were victims of cybercrime fell for a phishing attack. This is despite Google’s cyber security measures blocking 99.9% of phishing attempts from reaching users.
With an average of $136 lost per phishing attack, this amounts to $44.2 million stolen by cyber criminals through phishing attacks in 2021.
Phishing attacks largely target victims through emails. In 2021, there was a global average of 16.5 leaked emails per 100 internet users. These breached databases are sold on black marketplaces on the dark web, meaning cyber criminals can purchase them and use the addresses in phishing attacks.
2021 saw nearly 1 billion emails exposed, affecting 1 in 5 internet users. This may partly explain the continued prevalence of phishing attacks.
It is more important than ever for businesses to take cyber security seriously, particularly those in heavily regulated industries, such as financial services companies and law firms.
A 2019 study highlighted that spear phishing was the most popular attack avenue among cyber criminals. These phishing campaigns were used by 65% of all known groups. The primary motive for these attacks was overwhelmingly intelligence gathering, with 96% of groups using targeted attacks for this reason.
In 2022, the URLs most commonly included in phishing emails link to websites with the ‘.com’ domain, at 54%. The next most common domain is ‘.net’ at less than 8.9%. The most common domain names with ‘.com’ for Q2 2022 are:
- Adobe
- Myportfolio
- Backblazeb2
- Weebly
The risk that phishing poses is clear. A data breach that exposes 10 million records costs businesses $50 million on average. An attack that compromises 50 million records can cost as much as $392 million.
The growing cost-of-living crises experienced by economies globally are providing fertile ground for cyber criminals to launch phishing campaigns. In the UK, scammers impersonated the energy regulator Ofgem in their attempts to harvest financial information. In response, Ofgem contacted all UK energy suppliers and asked them to update their websites with information advising customers what actions to take if they encounter a scam.