Phishing and Ransomware: Everything you need to know

Global Phishing Statistics

  • Google blocks around 100 million phishing emails every day.
  • For Q1 2022, LinkedIn was the most imitated brand for phishing attempts globally. The top 5 most imitated brands in Q1 2022 were:
    • LinkedIn (52%)
    • DHL (14%)
    • Google (7%)
    • Microsoft (6%)
    • FedEx (6%)
  • 45.56% of emails sent in 2021 were spam.
    • June 2021 had the highest percentage of spam emails sent, at 48.03%.
    • November 2021 had the lowest percentage of spam emails sent, at 43.7%.
  • 24.77% of spam emails were sent from Russia. A further 14.12% of spam emails were sent from Germany. The top 5 origin countries for spam emails in 2021 were:
    • Russia (24.77%)
    • Germany (14.12%)
    • USA (10.46%)
    • China (8.73%)
    • Netherlands (4.75%)
  • The most prevalent malware links found in phishing emails in 2021 were Trojans from the ‘Agensla’ family. These steal login credentials stored in browsers and credentials from emails.
  • Phishing is considered the most disruptive form of cybercrime for UK businesses in 2022, tied with threat actors impersonating the organisation online.
  • Millennials and Gen-Z internet users (18-40 year olds) are most likely to fall victim to phishing attacks – 23% compared to 19% of Generation X internet users (41-55 year olds).
  • 90% of phishing attacks sent via messaging apps are sent through WhatsApp. The next highest percentage is Telegram, with 5.04%.
  • Kaspersky detected 469 different ‘phishing kits’ in 2021. The cyber security vendor blocked 1.2 million phishing pages.
  • In 2021, the average click rate for a phishing campaign was 17.8%. Phishing campaigns that were more targeted and added phone calls had an average click rate of 53.2% – 3 times more effective.
  • A security scan of millions of emails found that of those that contained security threats:
    • 12% delivered malware
    • 6% were compromised business emails or CEO fraud
    • Of the credential phishing emails, 45% purported to be from Microsoft
    • A further 17% were finance-themed
    • 9.3% of the reported messages were malicious
    • Of this 9.3%, 38% just had a URL, while 36% had attachments
    • 100 unique malware families were discovered in the email scan
  • Phishing was the top infection type at Asian organisations in 2021, accounting for 43% of attacks on the continent. This is tied with vulnerability exploitation, and ahead of brute force attacks (7%) and the use of stolen credentials (7%).
  • Phishing was also prevalent in European organisations through 2021, with 42% of attacks. This was just behind vulnerability exploitation (46%) and ahead of brute force attacks (12%).
  • In North America, phishing was used in 47% of attacks against organisations in 2021, more than vulnerability exploitation (29%) and brute force (9%).
  • In Latin America in 2021, phishing was also used in 47% of attacks against organisations, ahead of stolen credentials (29%) and vulnerability exploitation (18%).
  • 40% of cyber attacks in 2021 against businesses in the manufacturing industry involved phishing.
    • For businesses in the finance industry, this percentage rises to 46% – phishing was the most common infection vector for cyber attacks in finance.
    • In the energy industry, 60% of attacks involved phishing.
    • 20% of cyber attacks against professional and business services (including law firms, accountants and architects) involved phishing in 2021.
    • Phishing was also the most common infection vector in the retail industry in 2021, with hackers using this method in 38% of attacks against businesses in this industry.
  • In the UK, those aged 25-44 are considered the most likely to be targeted by phishing attempts.
  • There has been a 57% increase in consumer and retail fraud from March 2020 to March 2022.
    • In 2022, 4.8% of fraud in the UK was related to Coronavirus. Scams included fraudsters sending emails or texts informing targets they needed to set up their next Covid jab – usually providing a link that would then tell them to enter their card details for an admin fee or to pay for the jab.
  • In 2021 in the UK, there were a total of 8023 reports of social media hacking – a 23.5% increase from the previous year.
  • The US IC3 department received reports from 24,299 victims of romance scams and confidence fraud in 2021. This amounted to more than $956 million lost.
    • The largest proportion of victims were those over 60 – 32% of the total.
    • 16% were aged between 50 and 59.
    • Just 2% were under 20.
  • Sextortion was also a prevalent issue in 2021 in the US. Sextortion occurs when someone threatens to release sensitive photos, videos or information involving sexual acts if their demands are not met.
    • The IC3 department received more than 18,000 complaints in 2021 relating to sextortion. Victim losses amounted to more than $13.6 million.
  • In 2021, around $100 million was lost in Canada due to online fraud.
  • The most common online scams in Canada involve romance, which accounted for $42.2 million of the money lost, and investments.
  • 34% of Canadians received phishing emails in the first 6 months of the pandemic.
  • In 2021, the rate of identity theft in Canada was 18.76 per 100,000 of the population. This was a decrease over the 10-year high of 2020 (19.4 per 100,000), but was still higher than 2010-2019, where the rate ranged from 2.37 (in 2010) to 12.58 (in 2019).
  • 14% of victims of business email compromise attacks in the US recovered none of their financial losses.
  • 35% of breaches in the US involved social engineering in 2021.
  • In 2022, 48.63% of all emails globally were spam.
    • However, over the course of 2022 the share of spam in global email traffic declined from 51.02% in Q1 to 46.16% in Q4.
    • February saw the highest percentage of spam in email traffic in 2022 at 52.78%.
    • December had the lowest percentage of spam sent, with 45.2% of emails considered spam.
  • The US-based IC3 received 300,497 reports from victims of phishing in 2022.
  • Business Email Compromise attacks cost US victims more than $2.7 billion in 2022.
  • Between 2020 and 2021, cyber crime increased by 168% in the Asia-Pacific region, including phishing and zero-day attacks.
  • Phishing incidents rose by 220% compared to annual averages at the height of the Covid-19 pandemic.
  • Phishing is the most common form of attack against UK law firms – in 2016, 80% of surveyed law firms reported suffering phishing attempts.
    • The amounts stolen through phishing in the first quarter of 2017 were up 300% compared to the previous year.
  • An average of 1.4 million phishing sites are created every month.
  • Younger workers are five times more likely to make mistakes that result in security issues.
  • A third of workers rarely think about cyber security when at work.
  • 43% of people have compromised their work’s cyber security while working.
  • Between 2022 and 2023, 79% of UK businesses that suffered a cyber attack reported that the attack type was phishing.
    • 31% identified others impersonating the organisation in emails or online as the attack vector.
  • 83% of UK charities that suffered a cyber attack between 2022 and 2023 identified phishing as the attack type.
