Social Engineering Statistics By Types, Challenges and Facts

Barry Elad

Updated · Aug 21, 2023

Social Engineering Statistics By Types, Challenges and Facts


Social Engineering Statistics: The reports say that 98% of all cyber-attacks are the result of social engineering, which is illegal. The term “social engineering” refers to a group of techniques used to trick, manipulate, or manipulate a victim into disclosing private information, by allowing access to a computer system. Attackers who are using this pose themselves as well-known individuals of any recognized organization. This article is all about digging out some important statistics and understanding how social engineering has become a part of millions of cyber attacks.

Editor’s Choice

  • Most cyberattacks (98%) involve tricks or manipulation, called social engineering.
  • There are way more fake websites trying to deceive you (phishing) than there are websites trying to install bad software (malware).
  • In 2020, three out of four companies around the world faced phishing attacks.
  • In the US, phishing was the top cybercrime in 2020 with over 240,000 incidents.
  • Every 11 seconds, a harmful software called ransomware successfully attacks someone.
  • In 2019, if a company's data was stolen, each piece of data cost them $150.
  • The US government set aside $19 billion in 2021 to protect against cyber threats.
  • By 2022, crafty criminals using tricks to deceive became the biggest cybersecurity problem.
  • A major data theft caused by these tricks can cost a company about $4 million.
  • By 2023, more than three out of four Americans will have received a deceptive email aiming to scam them.
  • Almost all businesses (96%) have been targeted with such deceptive emails.
  • By the end of 2022, most business leaders (68%) felt that the danger from cyber threats was growing.
  • Only half of American organizations are prepared for cyberattacks.
  • Nearly half of the security problems were because someone was tricked into revealing information.
  • American organizations face over 700 trick-based cyberattacks each year.
  • Most Americans (84%) have been targeted by a deceptive email trying to scam them.

Facts About Social Engineering

  • As of 2022, 46% of United States organizations and 93% of individuals got affected by social engineering.
  • 82% of data breaches involve people, according to social engineering trends.
  • By the end of 2022, there was a 20% increase in social media attacks, text phishing, and voice phishing in the U.S.
  • Social engineering has only been addressed by 27% of American organizations claiming to have security awareness training programs on social engineering.
  • According to the survey of Proof Point around 63% were aware of the term phishing.
  • Cyber attacks rose due to social engineering by 30% in the 3rd quarter of 2022 as compared to the same time in 2021 and in the 2nd quarter, it increased by 10%.
  • Phishing attacks are responsible for 90% of all data breaches which indicates the need for better data protection.
  • Social engineering is used in 98% of attacks.

Types Of Social Engineering Attacks

  • Baiting
  • CEO Fraud
  • Phishing
  • Pre-texting
  • Spear Phishing
  • Business Email Compromise
  • Quid Pro Quo

Challenges of Social Engineering

  • Criminals that utilize social engineering get access to systems by engaging users' confidence, who frequently isn’t aware that anything is wrong.
  • Nowadays, social engineering hazards are so common that businesses and people have probably seen attempts online or fallen victim to one without realizing it. These threats utilize the behavioral psychology of human beings to accomplish such evil purposes.
  • Baiting, pretexting, and phishing are the three major attacks of social engineering.
  • Knowing the exact amount of cyber security protection and expenditure is a significant challenge for every organization.
  • Even companies that use cloud services struggle with privacy problems like improper settings and insufficient credentials and access management.

General Social Engineering Statistics

  • In 2022, phishing victims reported 300,497 incidents to the US-based IC3.
  • A loss of more than $2.7 billion was faced by US victims of business email compromise incidents in 2022.
  • As of 2022, 39% of American people said they have received fraudulent texts requesting personal information in the form of links and/or attachments.
  • 27% of people reported receiving questionable voicemails that demanded personal information from the U.S. recipient in 2022.
  • 36% of U.S. people have been scammed by phishing emails.
  • Social engineering is only recognized as a cyber security problem by 51% of the U.S. people.


  • Most Cyber Attacks Trick People: 98% of cyberattacks use tricks to get what they want. (Source: Purplesec)
    Companies Get Tricked a Lot: The average company is tricked 700+ times a year.
    (Source: ZD Net)
  • Many Data Leaks Use Tricks: 70-90% of data leaks are because someone was fooled. (Source: KnowBe4)
    Fake Emails are a Big Deal: 1 in 4 data leaks happen because of fake emails.
    (Source: Verizon)
  • Fake Emails Got Worse in 2021: 83% of U.S. organizations got a fake email in 2021.
    (Source: Proof Point)
  • Facebook is Often Faked: 14% of fake websites looked like Facebook in 2021.
    (Source: PR Newswire)
  • Amazon Emails are Mostly Faked: 17.7% of fake emails pretended to be from Amazon.
    (Source: Tech Radar)
  • Tricks are Expensive: Companies lose $130,000 on average from these tricks.
    (Source: Security Info Watch)
  • Bosses are a Big Target: CEOs get fake emails 57 times a year.
    (Source: ZD Net)
  • IT People Get Targeted Too: IT professionals are tricked 40 times a year.
    (Source: ZD Net)
  • Very Specific Fake Emails Work: 95% of big company network attacks start with a specific fake email.
    (Source: Security Intelligence)
  • Government Gets Tricked Often: 69% of public service data leaks involve tricks.
    (Source: Verizon)
  • Google Blocks Many Fake Sites: Google blocked over 2.1 million fake sites in 2020.
    (Source: Google)
  • Fake Sites Look Real: 84% of fake sites looked secure in 2020.
    (Source: APWG)
  • Mass Fake Emails Rose in 2021: 86% of organizations got mass fake emails in 2021.
    (Source: Proof Point)
  • Fake Texts Increased: 74% of companies got fake texts in 2021.
    (Source: Proof Point)
  • Social Media Tricks are Rising: 74% of companies saw tricks on social media in 2021.
    (Source: Proof Point)
  • Many Don't Know the Tricks: Only 53% know what a fake email is, and even fewer know about fake texts or calls.
    (Source: Proof Point)
  • Many Click on Fake Links: At least one person clicked on a fake link in 86% of organizations.
    (Source: CISCO)
  • Some Get Fined for Clicking: 11% of companies that got tricked were fined.
    (Source: Proof Point)
  • Few Train Their People: Only 27% of companies teach their employees about these tricks.
    (Source: Get App)

Attacks Experienced by Social Engineering in the United States

  • 48% of people received suspicious emails for are asking for personal information.
  • 39% of people receive suspicious link texts those are asking for personal details for login credentials.
  • 37% were seen to be disturbed by various pop-up ads if once clicked become very difficult to close.
  • Another 37% received work or business-related emails and those are continuously asking to reply to their survey analysis.
  • 32% of people have received dangerous emails that are offering loans and require personal details.

Simplified Statistics on U.S. Cyber Attack Victims

  • Science and Education: Got hit by 8% of the attacks. It's like out of every 100 attacks, 8 targeted schools and labs.
  • Government: 18% of the attacks went after the government. Almost 1 in 5 attacks aimed here.
  • Healthcare: Hospitals and clinics were targeted in 8% of attacks. They faced the same risk as science and education.
  • Manufacturing: Factories and industries also got 8% of the cyber troubles. They are in the same boat as healthcare and education.
  • Services: 7 out of 100 attacks aimed at service businesses, like shops or restaurants.
  • Information Technology: The tech guys weren't safe either; 6% of attacks went after them.
  • Finance: Banks and financial institutions faced 5% of the cyberattacks. That's like 5 out of every 100 attacks.
  • Others: 19% of the attacks went after various other areas that aren't listed above.
  • Multiple Targets: Some attacks didn't stick to just one type of victim. 21% hit several industries at once.


Computers, Servers & Network Equipment:

  • Organizations: 82 out of 100 times, the bad guys targeted computers and network stuff at businesses.
  • Individuals: 39 out of 100 times, personal computers and networks were the target.

People (like via scams or social engineering):

  • Organizations: 46 out of 100 times, people at work got tricked or targeted.
  • Individuals: This is big! 93 out of 100 times, regular folks got tricked or targeted at home.

Web Sources (like websites):

  • Organizations: 20 out of 100 times, company websites were under attack.
  • Individuals: It's rare for personal websites. Only 1 out of 100 got attacked.

Mobile Devices:

  • Organizations: It's pretty rare for businesses. Only 1 out of 100 mobile devices in companies got attacked.
  • Individuals: 14 out of 100 times, people's personal phones or tablets were the target.


  • Organizations: 1 out of 100 attacks were on different types of targets at businesses.
  • Individuals: 4 out of 100 attacks aimed at other personal stuff not listed above.

Ways to Prevent a Social Engineering Attack

Online bad guys might try to trick you to get your personal info. Here's how you can stop them:

  • Stay Alert – Don't open strange emails or click on weird links. If an offer looks too good, it's likely a trap.
  • Double Up on Security – Use two-step login (like a code sent to your phone). Keep your apps updated and have an antivirus.
  • Mix Up Passwords – Don't use the same password everywhere. Choose strong ones. If that's hard, try a password-keeping tool.
  • Learn Their Tricks – Bad guys keep changing their tactics. Learn about the latest scams so you can spot them.
  • Protect Your Identity – Some tools can warn you if your info is found in shady places online and even help if someone steals your identity. Consider using them.

Easy-to-Understand Cyber Safety Points

  • Cyber Tricks are Super Common: 98% of online attacks trick people to get into systems. Some employees (21% of them) might even use these tricks on purpose to harm the company. (Source: Purplesec)
  • Most Data Breaches Happen Because of Tricks: Rather than breaking into computers, scammers prefer fooling people. Almost 70-90% of data leaks are because of these tricks. They especially like targeting places like hospitals, government offices, and universities because of the juicy info they have. (Source: GlobalSign)
  • Loads of Fake Websites Out There: Google spotted over 2 million fake websites by January 2021. Bad guys use stolen data from these sites for even more attacks. In 2020 alone, they added 22 million new records to hidden illegal web areas. (Source: IDAGENT)
  • Fake Emails are the Big Problem: While there are many fake websites, 96% of scammy tricks happen through emails. They'll make things sound urgent to trick you. Some favorite words they use: “urgent,” “payment,” and “important.” (Source: Tessian)
  • Fake Microsoft Emails are Super Popular: Almost half of the scam emails pretend to be from Microsoft because loads of people use Microsoft Office. Other big company names they fake include DHL, PayPal, and Google. (Source: Spamtitan)
  • Be Careful of Files in Emails: Often, scammers send files that look like regular documents. But 74% of the time, they're sneaky files that, when clicked, can harm your computer. (Source: ESET Threat Report)
  • Phishing Can Be Costly: Getting tricked can hurt. 18% of people who get fooled lose money. But it's not just about cash; it's about stealing data, too. After a successful scam, many companies report lost data, and some even get harmful software on their networks. (Source: Tessian)
  • Statistics
  • Barry Elad
    Barry Elad

    Barry is a lover of everything technology. Figuring out how the software works and creating content to shed more light on the value it offers users is his favorite pastime. When not evaluating apps or programs, he's busy trying out new healthy recipes, doing yoga, meditating, or taking nature walks with his little one.

    Read next