Phishing Statistics By Types, Country and Age Group

Barry Elad

Updated · Aug 04, 2023

Phishing Statistics By Types, Country and Age Group

Introduction

Phishing Statistics: Phishing is a popular trick used by online criminals. They send harmful messages through emails, texts, and even phone calls. The idea is to make you click a bad link or download harmful software. It's the top cyber crime, affecting 83% of UK businesses that had a cyber attack in 2022.

In 2021, about 323,972 people worldwide were tricked by phishing. This made up half of all victims of cyber crimes, despite Google blocking almost all phishing attempts.

Each phishing attack cost the victim around $136 on average, leading to a whopping $44.2 million stolen by criminals in 2021.

Most phishing happens through emails. For every 100 internet users, about 16.5 had their emails exposed in 2021. These stolen emails are sold on the internet's black market, where criminals buy them to use in their attacks. With 1 billion emails leaked, phishing remains a big threat.

It's crucial for businesses, especially those in sensitive industries like finance and law, to protect themselves. A 2019 study found that spear phishing, a targeted form of phishing, was the main attack method for 65% of criminal groups, used mostly for collecting information.

In 2022, the most common phishing emails included links to ‘.com' websites, making up 54% of the total. The next common was ‘.net', at just 8.9%. Top ‘.com' domain names involved were Adobe, Google, Myportfolio, Backblazeb2, and Weebly.

Phishing can cause massive damage. For instance, a data breach affecting 10 million records can cost a business $50 million. If it impacts 50 million records, the cost could rise to $392 million.

These days, as people struggle with high living costs, scammers are taking advantage. In the UK, they pretended to be Ofgem, the energy regulator, to get personal financial details. Ofgem responded by asking energy companies to warn customers about these scams on their websites.

Editor’s Choice

  • In 2022, phishing attacks doubled from the previous year, with more than 500 million incidents recorded.
  • Email phishing scams in the U.S. saw a steep rise of 48% in 2022.
  • Young adults, particularly Gen-Z and Millennials, were the primary victims of phishing attacks.
  • By 2023, Nevada was the most affected U.S. state by phishing, while Kansas experienced the least phishing attacks.
  • The District of Columbia saw 25 phishing victims per 10,000 residents, leading to a financial loss of $25,562.
  • Arkansas suffered the highest financial loss due to phishing, with more than $80,000 lost per 10,000 residents.
  • Phishing scams in Delaware spiked by 71% in 2022.
  • Wisconsin recorded the largest number of phishing victims in the past two years, with a 38% increase.
  • The U.S. Internet Crime Complaint Center (IC3) received 300,497 reports from phishing victims.
  • Businesses in the U.S. faced over $2.7 billion in losses from email scams by the end of 2022.
  • According to IC3, financial losses from phishing surpassed $10.3 billion in 2022, with 800,944 reports in the U.S.
  • In an effort to decrease phishing, 84% of U.S. organizations started regular security awareness training for employees in 2023, significantly reducing phishing incidents.
  • Phishing remains the top cybercrime, with a daily estimate of 3.4 billion spam emails.
  • Stolen credentials are the leading cause of data breaches.
  • Google manages to block about 100 million phishing emails each day.
  • Almost half of all emails sent in 2022, 48%, were spam.
  • Russia is responsible for more than a fifth of all phishing emails.
  • Millennials and Gen-Z internet users are most likely to fall for phishing scams.
  • In the UK, 83% of businesses that experienced a cyber attack in 2022 identified phishing as the attack method.
  • Asian organizations reported phishing as the most common form of cyber attack in 2021.
  • A data breach can cost an organization more than $4 million on average.
  • A single whaling attack, a type of targeted phishing, can cost a business as much as $47 million.

Types of Phishing

Phishing comes in different shapes and sizes. Let's explore some of the main types:

  • Email Phishing: This is the most common type of phishing, making up 71% of all phishing attacks. Scammers try to trick you into giving away personal information through deceptive emails.
  • Spear Phishing: Making up 67% of phishing attempts, spear phishing is a more targeted attack. The scammer uses specific information about you to make the attack seem more legitimate.
  • Whaling: Whaling attacks, which specifically target high-ranking individuals like CEOs or managers, account for 27% of phishing attacks.
  • Smishing: Smishing, or SMS-based phishing, makes up 21% of phishing attacks. In these attacks, scammers send deceptive text messages attempting to gather sensitive information.
  • Vishing: Also making up 27% of phishing attacks, vishing is voice phishing where scammers use phone calls pretending to be trustworthy organizations to trick you into revealing sensitive information.
  • Business Email Compromise: This type of attack, making up 23% of phishing scams, targets businesses. Scammers impersonate executives or employees in emails, aiming to defraud the company or its partners.
  • Social Media Phishing: Accounting for 16% of phishing attacks, these scams occur on social media platforms. Fraudsters create fake profiles or posts to trick users into giving away personal information.

Remember, staying aware of these scams and being cautious when sharing personal information can help keep you safe online.

Facts About Phishing

  • According to the report by IBM in 2022, the average data breach expenses increased by $4.35 million in the United States.
  • Due to phishing attacks around 23% of organizations lost employees by the end of 2022.
  • The Anti Phishing Working Group (APWG) has observed around 1,025,968 phishing attacks only in the 1st quarter of 2022.
  • In the United States in 2022, out of total data breaches 39% of attacks were accounted for phishing.
  • Each year on average 83% of organizations are experiencing phishing attacks.
  • In 2022, according to IC3, the financial losses have crossed $10.3 billion with 800,944 reports in the United States.
  • Phishing attacks on manufacturing industries in 2022 have increased by 52% since last year.
  • The phishing scams were mostly reported by 30-39 years and age groups according to the report of IC3, 2022.
  • As of 2022, the number of United States phishing victims has decreased almost by 7% from last year, resulting in 300,497 victims.
  • The number of phishing victims through business e-mail compromise in the United States has increased to 21,832 from last year.

General Phishing Statistics

  • The phishing email links in 2022 commonly used the URL domain such as .com and .net with 54% and 8.9% respectively.
  • According to a report in 2022, around 80% of surveyed organizations faced mainly email-based phishing attacks.
  • Organizations have reported 96% of increased phishing scams via email in 2022 than the previous year.
  • In the 1st quarter of 2022, phishing has impacted its effect on LinkedIn the most.
  • Globally the phishing scam has increased by 48.63% in the 1st quarter of 2022 and decreased to 46.16% in the 4th quarter.
  • In February 2022 the email tariff phishing scam increased highest with 52.78% and it reduced to 45.2% by December.
  • An overall incident related to phishing has annually increased by 220% in 2022 from last year.
  • As of 2023, every month, cybercriminals create around 1.4 million phishing sites.
  • In the United States, businesses have been hampered with more than $2.7 billion due to email scans by the end of 2022.

Impact of Phishing Scams on Various Brands

Phishing impacts various brands differently, with some being impersonated more frequently by cyber criminals. Here's a breakdown:

  • LinkedIn: A massive 45% of phishing attempts associated with brands involve fake LinkedIn messages or websites. It shows that scammers often target professional networks to deceive users into revealing sensitive information.
  • Dalsey Hillblom Lynn (DHL): DHL, the international courier and delivery service, is used as a disguise in 12% of branded phishing attacks. Scammers often fake delivery notifications or tracking info to trick recipients.
  • Google: While Google is a tech giant, it's involved in only 1% of phishing attempts. This suggests that Google's security measures might be working to reduce its exploitation by phishing scammers.
  • Microsoft: Microsoft, another tech heavyweight, is impersonated in 13% of phishing attempts. These scams often involve fake alerts about Microsoft accounts or software updates.
  • FedEx: As another major courier company, FedEx is impersonated in 6% of phishing attacks. Scammers typically send false package or delivery alerts to trick users.
  • Amazon: Being a leading e-commerce platform, Amazon is targeted in 9% of phishing attacks. Fake order confirmations or delivery updates are common tactics.
  • Netflix: Despite its popularity, Netflix is involved in only 1% of phishing scams. This could indicate effective security measures or possibly that users are becoming more aware of entertainment subscription-related scams.
  • Adobe: Similar to Netflix, Adobe is also only impersonated in 1% of phishing attempts. This might be due to increased security measures or users being more cautious with software-related emails.

Most Targeted Industries

most targeted industries by Phishing scan

(Reference: blackberry.com)

Different sectors are targeted to varying extents by phishing scammers. Here's how it breaks down:

  • Financial Institutions: Banks, lenders, and other financial institutions are the most targeted, with 34% of phishing attacks directed at them. This is likely because of the direct access to money and valuable financial information these organizations provide.
  • Healthcare Services: The healthcare sector, which includes medical device companies, hospitals, and clinics, is the target of 14% of phishing attacks. Confidential medical data can be valuable on the black market, making this sector an attractive target for cyber criminals.
  • Food Retail Market: This sector, including food producers, supermarkets, and drugstores, is targeted in 12% of phishing attacks. These scams could involve fake order confirmations or delivery notifications.
  • Software Services: Companies in the software services sector, which are responsible for the apps and platforms many of us use daily, are targeted in 20.5% of phishing attacks. This could be due to the valuable user data these companies hold.
  • Social Media: Social media platforms are targeted in 12.5% of phishing attacks, likely due to the vast amount of personal data available and the opportunity to exploit users' trust in these platforms.
  • Payment Services: Payment service providers, which handle transactions and store financial data, are the target of 5% of phishing attacks. Cyber criminals often aim to gain access to users' payment details through these scams.
  • Logistics: The logistics sector, which includes delivery and transportation companies, is targeted in 3.8% of phishing attacks. Scammers often impersonate these companies in fake delivery or tracking notifications to gather sensitive information.

Infected Telegram Users by Country

6 phishing stats top 10 countries Telegram

(Source: techopedia.com)

The above graph represents the countries wise statistics by the number of devices infected users of Telegram groups that are affected by phishing attacks in 2022 from January to June.

  • The United States remained the top victim with 91,565 users.
  • 1O countries overall users turned out to 896,148 that a 66% rise since last year.

Analyzing U.S. Financial Losses from Phishing Attacks

Highest Financial Phishing Losses in U.S. States - 2022
(Reference: statista.com)

This graph gives us a picture of how phishing has financially impacted different states in the U.S. in 2022. Let's take a look at the figures:

  • Arkansas: Leading the pack, Arkansas has suffered the most, with financial losses due to phishing scams reaching $80,328.
  • New Hampshire: Following behind, New Hampshire has incurred a financial loss of $47,477 from phishing scams.
  • Nevada: In Nevada, the losses amounted to $37,478.
  • California: Despite its technological prowess, California wasn't spared either, suffering losses of $37,281.
  • Montana: In Montana, the figure stands at $31,993.
  • New Jersey: New Jersey's losses due to phishing were $30,779.
  • Utah: Utah residents and businesses lost $28,757 to phishing scams.
  • Connecticut: In Connecticut, phishing resulted in $26,092 of financial losses.
  • District of Columbia: The capital didn't fare much better, with losses of $25,562.
  • North Dakota: Phishing led to financial losses of $24,010 in North Dakota.
  • Hawaii: The island paradise of Hawaii saw losses of $22,676 due to phishing scams.
  • Louisiana: Louisiana's losses came up to $22,330.
  • Florida: Florida's losses were slightly less but still significant at $17,035.
  • Wyoming: Phishing cost Wyoming $14,696.
  • Washington: Washington state saw losses of $10,771 due to phishing scams.
  • Arizona: Arizona faced a financial hit of $9,518 due to phishing.
  • Massachusetts: The losses in Massachusetts were slightly more at $9,570.
  • Illinois: Illinois had a financial loss of $7,358.
  • Nebraska: And finally, Nebraska suffered financial losses of $8,984 due to phishing.

These figures underscore the widespread financial impact of phishing scams, which is an issue of significant concern for individuals, businesses, and governments alike.

Least Affected States by Phishing Scams

In contrast to the states hit hardest by phishing scams, the graph also gives us a glimpse of the states that were least affected in 2022. Here's the rundown:

  • Kansas: Holding the title for the least affected, Kansas reported a meager $294 loss to phishing scams.
  • Mississippi: The southern state of Mississippi also fared well, with losses at a relatively low $1,242.
  • Rhode Island: The Ocean State, Rhode Island, reported a modest loss of $4,703 to phishing scams.
  • Michigan: Michigan residents and businesses lost $3,997 to phishing.
  • Idaho: Idaho reported phishing losses at a relatively minor $983.
  • Alabama: Alabama saw a minor hit, with losses amounting to $1,172.
  • Maine: The Pine Tree state also saw a low loss at just $384.
  • Ohio: Ohio had higher losses, reaching $5,854, but still on the lower side compared to other states.
  • Maryland: Maryland saw phishing losses of $1,857.
  • Virginia: Virginia was affected to the tune of $4,995 in losses due to phishing.
  • South Carolina: South Carolina reported a modest loss of $1,355 to phishing scams.
  • West Virginia: West Virginia incurred losses of $6,302.
  • South Dakota: South Dakota saw phishing losses at $5,379.
  • Pennsylvania: The Keystone State ended the list with losses amounting to $5,815.

While these states have been less affected, the fact that they have experienced any losses at all indicates that phishing remains a threat nationwide, requiring continued vigilance and cybersecurity education.

Breaking Down U.S. Cyber Crime Costs: An Age Group Analysis

Breaking Down U.S. Cyber Crime Costs: An Age Group Analysis

(Reference: statista.com)

In our analysis titled “Breaking Down U.S. Cyber Crime Costs: An Age Group Analysis”, we delve into the 2022 financial impacts of cyber crime on different age groups in the United States. Here's what the statistics reveal:

  • 60 Years and Above: The senior demographic, those aged 60 and over, faced the highest financial loss due to cyber crime. The total loss amounted to a staggering $3.1 billion.
  • 50-59 Years: Those between 50 and 59 years old also suffered significantly, with losses reaching $1.8 billion.
  • 40-49 Years: The age group 40-49 years saw an astonishingly high loss, reaching $12.6 billion, indicating this group's high susceptibility to cyber crimes.
  • 30-39 Years: For those in their thirties, the loss was lower but still substantial at $1.3 billion.
  • 20-29 Years: Young adults aged between 20 and 29 years experienced losses of $0.38 billion, indicating that younger individuals are not immune to these attacks.
  • Under 20 Years: The youngest group, those under 20 years old, although less targeted, still reported losses amounting to $0.21 billion.

The data underscores the importance of cyber security across all age groups and the need for heightened awareness and education to prevent these costly incidents.

Phishing Statistics by Age Group

(Reference: truelist.com)

In our examination of phishing email interaction, we see some intriguing trends across various age groups:

  • 18-30 Years: This group seems to be quite aware of phishing risks, with 68% never clicking on phishing emails. However, 19% still interact with these deceptive messages, indicating a need for increased vigilance. Interestingly, 9% of this group report not understanding what a phishing email is, while 4% are completely unaware of such scams.
  • 31-40 Years: This age bracket shows higher susceptibility to phishing emails, with 32% clicking on them. Still, a majority (54%) avoid interacting with these deceptive emails. Like the younger group, 10% do not understand what phishing is and 4% are completely unaware of it.
  • 41-50 Years: Within this age group, 29% have clicked on phishing emails, while 55% avoid them completely. A slightly higher percentage, 12%, do not understand phishing, and 4% are oblivious to the term.
  • 51+ Years: The senior age group is the most cautious, with 73% avoiding interaction with phishing emails. Only 8% of this group have clicked on a phishing email, showing a lower level of vulnerability. However, 11% do not understand what phishing is, and 8% are unaware, suggesting that education about phishing needs to be extended to older age groups.

These patterns underscore the need for ongoing cybersecurity education across all age groups to combat phishing threats effectively.

(Reference: techopedia.com)

  • The above graph describes the phishing stats of the United States including total complaints and losses in 2022, resulting in both elements having increased drastically by 1,139% in the last four years.

Phishing Attack Statistics

  • As of 2022, around 55% of phishing websites have targeted branded companies for capturing sensitive information and data.
  • For reducing phishing attacks 84% of U.S. organizations are regularly conducting employee training on security awareness in 2023, which has reduced the chances of phishing a lot.
  • The targeted organizations of phishing are Google, Amazon (13%); Facebook, Whatsapp (9%) and Apple, Netflix (2%).
  • In 2022, the number of phishing attacks has increased in the last two years with 1 attack every 11 seconds.
  • According to Verizon’s report for 2022, phishing attack involves 36% of overall data breaches.
  • As of 2023, almost 3.4 billion phishing emails are being sent daily.
  • 86% of business organizations receive spear phishing and those are targeted daily.
  • 16% of the crimes are generated by phishing attack vectors that result in around 93% of the businesses facing these attacks.
  • In the United States in 2022, the email phishing scam had hiked up to 48%.
  • Out of all malware websites, almost 75% of the sites are covered with phishing sites in 2022.
  • According to reports it has been concluded that 61% failed in understanding the real and fake login pages of Amazon.
  • Phishing attacks are mainly done for two reasons for disrupting business sites (10%) and financial hacking (6%).
  • Spear phishing helps in the collection of 96% of important information from different businesses.
  • Phishing emails are difficult to identify as they are sent in the form of MS documents; Word file = 39.3%, Executable file = 19.5%, rich text file = 14%, and Excel file = 8.7%.

Technology Statistics

  • As of 2022, phishing attacks have affected almost 80% of trusted companies are Google, Amazon Web Series, and Microsoft.
  • This sector has phishing threats from spear phishing by 76% in 2022.
  • The phishing attacks this day have increased by 50% on mobile devices

Healthcare Statistics

  • In this department, phishing attacks remained an effective threat in 2022.
  • Almost 81% of organizations were affected by this common attack.
  • These organizations have started spending lots of expenses for implementing security defenses and have estimated an amount of $125 billion up to 2025.
  • In 2022, one single phishing attack has been noticed in 90% of these organizations.

SME’s Statistics

  • This sector has faced a financial loss of $25,000 on average in 2022.
  • The cost of cybercrime is going to enhance by 10.5 trillion by the end of 2025.
  • To date, only 14% of these organizations have included cyber security plans.

Financial Industry Statistics

  • 96% of phishing attacks have affected insurance companies.
  • The financial attacks have mainly targeted mobile devices and tricked employees to click on several links and thus getting trapped.
  • 24% of financial organizations have faced phishing attacks by the end of 2022.

Educational Sector Statistics

  • In 2022, the phishing attack rose by 50% in the United States and this sector is expected to be the second attack target group in coming years.
  • A total of 565,000 cases have been reported in the United States against this cybercrime by the end of 2022.

Manufacturing Sector Statistics

  • As of December 2022, the manufacturing sector has received around 85% of phishing threats.
  • The common types of attacks were made by email phishing and smishing.
  • 40% of employees in the manufacturing sector became the victim of phishing.

Conclusion

As of today, looking at the Phishing Statistics, it is clear that phishing scams or attacks are becoming more advanced in their way. In the article, it is clearly described above about those negative impacts caused in different sectors due to this phishing attack and how they have changed their graph in 2022.

Phishing emails are a recent trend that has been used by several attackers in the world and this will lead to a long-term effect within organizations thus to avoid such scams companies should implement more training on cyber security programs.

  • Statistics
  • FAQ.

    What is phishing?

    This can be defined as online attacks for stealing money from bank accounts and hacking important information from different organizations as well as from individuals.

    How to avoid phishing attacks?

    A person or organization should keep a proper eye on particular emails that they are working with and should avoid clicking unnecessary links. They should check out the website's security certificate before login into the site. Most importantly user’s laptop or mobile must include proper installation of antivirus software.

    Is phishing done only through emails?

    Not at all, attackers have many different ways of phishing such as through text messages links, via calls, social media links and many others.

    Barry Elad
    Barry Elad

    Barry is a lover of everything technology. Figuring out how the software works and creating content to shed more light on the value it offers users is his favorite pastime. When not evaluating apps or programs, he's busy trying out new healthy recipes, doing yoga, meditating, or taking nature walks with his little one.

    Read next