Phishing and Ransomware: Everything you need to know

Global Phishing Statistics

• Google blocks around 100 million phishing emails every day.
• For Q1 2022, LinkedIn was the most imitated brand for phishing attempts globally. The top 5 most imitated brands in Q1 2022 were:
  • LinkedIn (52%)
  • DHL (14%)
  • Google (7%)
  • Microsoft (6%)
  • FedEx (6%)
• 45.56% of emails sent in 2021 were spam.
  • June 2021 had the highest percentage of spam emails sent, at 48.03%.
  • November 2021 had the lowest percentage of spam emails sent, at 43.7%.
• 24.77% of spam emails were sent from Russia. A further 14.12% of spam emails were sent from Germany. The top 5 origin countries for spam emails in 2021 were:
  • Russia (24.77%)
  • Germany (14.12%)
  • USA (10.46%)
  • China (8.73%)
  • Netherlands (4.75%)
• The most prevalent malware links found in phishing emails in 2021 were Trojans from the ‘Agensla’ family. These steal login credentials stored in browsers and credentials from emails.
• Phishing is considered the most disruptive form of cybercrime for UK businesses in 2022, tied with threat actors impersonating the organisation online.
• Millennials and Gen-Z internet users (18-40 year olds) are most likely to fall victim to phishing attacks – 23% compared to 19% of Generation X internet users (41-55 year olds).
• 90% of phishing attacks sent via messaging apps are sent through WhatsApp. The next highest percentage is Telegram, with 5.04%.
• Kaspersky detected 469 different ‘phishing kits’ in 2021. The cyber security vendor blocked 1.2 million phishing pages.
• In 2021, the average click rate for a phishing campaign was 17.8%. Phishing campaigns that were more targeted and added phone calls had an average click rate of 53.2% – 3 times more effective.
• A security scan of millions of emails found that of those that contained security threats:
  • 12% delivered malware
  • 6% were compromised business emails or CEO fraud
  • Of the credential phishing emails, 45% purported to be from Microsoft
  • A further 17% were finance-themed
  • 9.3% of the reported messages were malicious
  • Of this 9.3%, 38% just had a URL, while 36% had attachments
  • 100 unique malware families were discovered in the email scan
• Phishing was the top infection type at Asian organisations in 2021, with 43% of attacks in the continent. This is tied with vulnerability exploitation, and ahead of brute force attacks (7%) and the use of stolen credentials (7%).
• Phishing was also prevalent in European organisations through 2021, with 42% of attacks. This was just less than vulnerability exploitation (46%) and ahead of brute force attacks (12%).
• In North America, phishing was used in 47% of attacks against organisations in 2021, more than vulnerability exploitation (29%) and brute force (9%).
• In Latin America in 2021, phishing was also used in 47% of attacks against organisations, ahead of stolen credentials (29%) and vulnerability exploitation (18%).
• 40% of cyber attacks in 2021 against businesses in the manufacturing industry involved phishing.
  • For businesses in the finance industry, this percentage rises to 46% – phishing was the most common infection vector for cyber attacks in finance.
  • In the energy industry, 60% of attacks involved phishing.
  • 20% of cyber attacks against professional and business services (including law firms, accountants and architects) involved phishing in 2021.
  • Phishing was also the most common infection vector in the retail industry in 2021, with hackers using this method in 38% of attacks against businesses in this industry.
• In the UK, those aged 25-44 are considered the most likely to be targeted by phishing attempts.
• There has been a 57% increase in consumer and retail fraud from March 2020 to March 2022.
  • In 2022, 4.8% of fraud in the UK was related to Coronavirus. Scams included fraudsters sending emails or texts informing targets they needed to set up their next Covid jab – usually providing a link that would then tell them to enter their card details for an admin fee or to pay for the jab.
• In 2021 in the UK, there were a total of 8023 reports of social media hacking – a 23.5% increase from the previous year.
• The US IC3 department received reports from 24,299 victims of romance scams and confidence fraud in 2021. This amounted to more than $956 million lost.
  • The largest proportion of victims were those over 60 – 32% of the total.
  • 16% were aged between 50-59.
  • Just 2% were under 20.
• Sextortion was also a prevalent issue in 2021 in the US. Sextortion occurs when someone threatens to release sensitive photos, videos or information involving sexual acts if their demands are not met.
  • The IC3 department received more than 18,000 complaints in 2021 relating to sextortion. Victim losses amounted to more than $13.6 million.
• In 2021, around $100 million was lost in Canada due to online fraud.
• The most common online scams in Canada involve romance, accounting for $42.2 million of money lost, and investments.
• 34% of Canadians received phishing emails in the first 6 months of the pandemic.
• In 2021, the rate of identity theft in Canada was 18.76 per 100,000 of the population. This was a decrease over the 10-year high of 2020 (19.4 per 100,000), but was still higher than 2010-2019, where the rate ranged from 2.37 (in 2010) to 12.58 (in 2019).
• 14% of victims of business email compromise attacks in the US recovered none of their financial losses.
• 35% of breaches in the US involved social engineering in 2021.
• In 2022, 48.63% of all emails globally were spam.
  • However, over the course of 2022 the share of spam in global email traffic declined from 51.02% in Q1 to 46.16% in Q4.
  • February saw the highest percentage of spam in email traffic in 2022 at 52.78%.
  • December had the lowest percentage of spam sent, with 45.2% of emails considered spam.
• The US-based IC3 received 300,497 reports from victims of phishing in 2022.
• Business Email Compromise attacks cost US victims more than $2.7 billion in 2022.
• Between 2020 and 2021, cyber crime increased by 168% in the Asia-Pacific region, including phishing and zero-day attacks.
• Phishing incidents rose by 220% compared to annual averages at the height of the Covid-19 pandemic.
• Phishing is the most common form of attack against UK law firms – in 2016, 80% of surveyed law firms reported suffering phishing attempts.
  • The amounts stolen through phishing in the first quarter of 2017 were up 300% compared to the previous year.
• An average of 1.4 million phishing sites are created every month.
• Younger workers are five times more likely to make mistakes that result in security issues.
• A third of workers rarely think about cyber security when at work.
• 43% of people have compromised their work’s cyber security while working.
• Between 2022-2023, 79% of UK businesses that suffered a cyber attack reported that the attack type was phishing.
  • 31% identified others impersonating the organisation in emails or online as the attack vector.
• 83% of UK charities that suffered a cyber attack between 2022-2023 identified phishing as the attack type.