Phishing and Ransomware: Everything you need to know

Global Phishing Statistics

  • Google blocks around 100 million phishing emails every day.
  • For Q1 2022, LinkedIn was the most imitated brand for phishing attempts globally. The top 5 most imitated brands in Q1 2022 were:
    • LinkedIn (52%)
    • DHL (14%)
    • Google (7%)
    • Microsoft (6%)
    • FedEx (6%)
  • 45.56% of emails sent in 2021 were spam.
    • June 2021 had the highest percentage of spam emails sent, at 48.03%.
    • November 2021 had the lowest percentage of spam emails sent, at 43.7%.
  • 24.77% of spam emails were sent from Russia. A further 14.12% of spam emails were sent from Germany. The top 5 origin countries for spam emails in 2021 were:
    • Russia (24.77%)
    • Germany (14.12%)
    • USA (10.46%)
    • China (8.73%)
    • Netherlands (4.75%)
  • The most prevalent malware links found in phishing emails in 2021 were Trojans from the ‘Agensla’ family. These steal login credentials stored in browsers and credentials from emails.
  • Phishing is considered the most disruptive form of cybercrime for UK businesses in 2022, tied with threat actors impersonating the organisation online.
  • Millennials and Gen-Z internet users (18-40 year olds) are most likely to fall victim to phishing attacks – 23% compared to 19% of Generation X internet users (41-55 year olds).
  • 90% of phishing attacks sent via messaging apps are sent through WhatsApp. The next highest percentage is Telegram, with 5.04%.
  • Kaspersky detected 469 different ‘phishing kits’ in 2021. The cyber security vendor blocked 1.2 million phishing pages.
  • In 2021, the average click rate for a phishing campaign was 17.8%. Phishing campaigns that were more targeted and added phone calls had an average click rate of 53.2% – 3 times more effective.
  • A security scan of millions of emails found that of those that contained security threats:
    • 12% delivered malware
    • 6% were compromised business emails or CEO fraud
    • Of the credential phishing emails, 45% purported to be from Microsoft
    • A further 17% were finance-themed
    • 9.3% of the reported messages were malicious
    • Of this 9.3%, 38% just had a URL, while 36% had attachments
    • 100 unique malware families were discovered in the email scan
  • Phishing was the top infection type at Asian organisations in 2021, with 43% of attacks in the continent. This is tied with vulnerability exploitation, and ahead of brute force attacks (7%) and the use of stolen credentials (7%).
  • Phishing was also prevalent in European organisations through 2021, with 42% of attacks. This was just less than vulnerability exploitation (46%) and ahead of brute force attacks (12%).
  • In North America, phishing was used in 47% of attacks against organisations in 2021, more than vulnerability exploitation (29%) and brute force (9%).
  • In Latin America in 2021, phishing was also used in 47% of attacks against organisations, ahead of stolen credentials (29%) and vulnerability exploitation (18%).
  • 40% of cyber attacks in 2021 against businesses in the manufacturing industry involved phishing.
    • For businesses in the finance industry, this percentage rises to 46% – phishing was the most common infection vector for cyber attacks in finance.
    • In the energy industry, 60% of attacks involved phishing.
    • 20% of cyber attacks against professional and business services (including law firms, accountants and architects) involved phishing in 2021.
    • Phishing was also the most common infection vector in the retail industry in 2021, with hackers using this method in 38% of attacks against businesses in this industry.
  • In the UK, those aged 25-44 are considered the most likely to be targeted by phishing attempts.
  • There has been a 57% increase in consumer and retail fraud from March 2020 to March 2022.
    • In 2022, 4.8% of fraud in the UK was related to Coronavirus. Scams included fraudsters sending emails or texts informing targets they needed to set up their next Covid jab – usually providing a link that would then tell them to enter their card details for an admin fee or to pay for the jab.
  • In 2021 in the UK, there were a total of 8023 reports of social media hacking – a 23.5% increase from the previous year.
  • The US IC3 department received reports from 24,299 victims of romance scams and confidence fraud in 2021. This amounted to more than $956 million lost.
    • The largest proportion of victims were those over 60 – 32% of the total.
    • 16% were aged between 50-59.
    • Just 2% were under 20.
  • Sextortion was also a prevalent issue in 2021 in the US. Sextortion occurs when someone threatens to release sensitive photos, videos or information involving sexual acts if their demands are not met.
    • The IC3 department received more than 18,000 complaints in 2021 relating to sextortion. Victim losses amounted to more than $13.6 million.
  • In 2021, around $100 million was lost in Canada due to online fraud.
  • The most common online scams in Canada involve romance (accounting for $42.2 million of money lost) and investments.
  • 34% of Canadians received phishing emails in the first 6 months of the pandemic.
  • In 2021, the rate of identity theft in Canada was 18.76 per 100,000 of the population. This was a decrease over the 10-year high of 2020 (19.4 per 100,000), but was still higher than 2010-2019, where the rate ranged from 2.37 (in 2010) to 12.58 (in 2019).
  • 14% of victims of business email compromise attacks in the US recovered none of their financial losses.
  • 35% of breaches in the US involved social engineering in 2021.
  • In 2022, 48.63% of all emails globally were spam.
    • However, over the course of 2022 the share of spam in global email traffic declined from 51.02% in Q1 to 46.16% in Q4.
    • February saw the highest percentage of spam in email traffic in 2022 at 52.78%.
    • December had the lowest percentage of spam sent, with 45.2% of emails considered spam.
  • The US-based IC3 received 300,497 reports from victims of phishing in 2022.
  • Business Email Compromise attacks cost US victims more than $2.7 billion in 2022.
  • Between 2020 and 2021, cyber crime increased by 168% in the Asia-Pacific region, including phishing and zero-day attacks.
  • Phishing incidents rose by 220% compared to annual averages at the height of the Covid-19 pandemic.
  • Phishing is the most common form of attack against UK law firms – in 2016, 80% of surveyed law firms reported suffering phishing attempts.
    • The amounts stolen through phishing in the first quarter of 2017 were up 300% compared to the previous year.
  • An average of 1.4 million phishing sites are created every month.
  • Younger workers are five times more likely to make mistakes that result in security issues.
  • A third of workers rarely think about cyber security when at work.
  • 43% of people have compromised their work’s cyber security while working.
  • Between 2022 and 2023, 79% of UK businesses that suffered a cyber attack reported that the attack type was phishing.
    • 31% identified others impersonating the organisation in emails or online as the attack vector.
  • 83% of UK charities that suffered a cyber attack between 2022 and 2023 identified phishing as the attack type.
