The Latest Phishing Statistics (updated January 2025) – AAG IT Support

Phishing is a type of cyber crime whereby cyber criminals send spam messages containing malicious links, designed to get targets to either download malware or follow links to spoof websites. These messages were traditionally emails, but have since been employed through texts, social media and phone calls.
Phishing remains the most common form of cyber crime. Of UK businesses that suffered a cyber attack in 2022, 83% say the attack was phishing.
Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were victims of cyber crime fell for a phishing attack. This is despite Google’s cyber security measures blocking 99.9% of phishing attempts from reaching users.
With an average of $136 lost per phishing attack, this amounts to $44.2 million stolen by cyber criminals through phishing attacks in 2021.
Phishing attacks largely target victims through emails. In 2021, there was a global average of 16.5 leaked emails per 100 internet users. These breached databases are sold on black marketplaces on the dark web, meaning cyber criminals can purchase them and use the addresses in phishing attacks.
2021 saw nearly 1 billion emails exposed, affecting 1 in 5 internet users. This may partly explain the continued prevalence of phishing attacks.
It is more important than ever for businesses to take cyber security seriously, particularly in heavily regulated industries such as financial services companies and law firms.
A 2019 study highlighted that spear phishing was the most popular avenue for attack for cyber criminals. These phishing campaigns were used by 65% of all known groups. The primary motive for these attacks was overwhelmingly intelligence gathering, with 96% of groups using targeted attacks for this reason.
In 2022, the most common URLs included in phishing emails linked to websites with the ‘.com’ domain, at 54%. The next most common domain was ‘.net’ at less than 8.9%. The most common domain names with ‘.com’ for Q2 2022 are:
The risk that phishing poses is clear. A data breach that exposes 10 million records costs businesses $50 million on average. An attack that compromises 50 million records can cost as much as $392 million.
The growing cost-of-living crises experienced by economies globally are providing fertile ground for cyber criminals to launch phishing campaigns. In the UK, scammers impersonated the energy regulator Ofgem in their attempts to harvest financial information. In response, Ofgem contacted all UK energy suppliers and asked them to update their websites with information advising customers what actions to take if they encounter a scam.
LinkedIn is used by more than 850 million people across more than 200 countries and regions. With so many people using the platform, it is the perfect target for email phishing attacks.
In Q1 of 2021, phishing emails using LinkedIn as cover were the most clicked-on social media mail, at 42%, ahead of Facebook at 20% and Twitter at 9%.
New starters who have changed their job status on LinkedIn are a key target. The criminals impersonate senior staff in their attempts to obtain personal information. Others will request that employees buy gift vouchers, such as those for iTunes, or call a given number to discuss important requirements for the job.
Since 2021, LinkedIn remains a major target for cyber criminals. In Q1 2022, LinkedIn was the most imitated brand globally, with 52% of identified phishing attacks purporting to be the platform.
A 2022 report on cyber crime rates highlights that cyber criminals are sending more emails in their campaigns. Of 1400 organisations surveyed, 80% believed it was likely they would suffer from an email-based cyber attack.
79% reported an increase in the number of emails their organisation was receiving, including 33% who said they were receiving significantly more than in previous years. What is especially worrying is that 96% reported at least one phishing attack in the last year, with 52% believing these threats to be more sophisticated.
The increasing volume of phishing emails increases the likelihood of a successful attack. 92% responded that at least one business email had been compromised. 93% had experienced data leaks due to carelessness, negligence or compromised employee credentials.
The latest cyber security systems, such as SIEM, are able to proactively scan networks for signs of intrusion. As such, cyber criminals are developing increasingly sophisticated methods of delivery for malware.
Phishing is the main delivery method for ransomware. A 2022 study of 1400 organisations found that of the 26% that had experienced a ‘significant’ increase in the number of email threats received in the last year, 88% were victimised by ransomware. Compared with the 65% that experienced ransomware without such an increase in the number of email threats, we can see the dangerous link between these two attack types.
Phishing was a primary delivery method for the notorious REvil ransomware. IBM’s X-Force observed that REvil incidents in 2021 often started with a ‘QakBot’ phishing email. This email would have a short message pertaining to unpaid invoices or something similar, and in some instances, hackers would hijack ongoing conversations to insert a malicious link.
Once opened, the target would be instructed to take a step that unknowingly allowed the QakBot banking trojan to be dropped onto the system. REvil threat actors could then take command of the operation, conducting reconnaissance and attempting to compromise data.
For an in-depth overview of current ransomware risks and trends, read our Ransomware Statistics Guide. Or check out our Guide to Outsourcing IT for an in-depth service overview.
In late 2015 FACC, an aerospace company specialising in aircraft components and systems, lost $47 million after a successful ‘whaling’ attack. In this case, the hackers impersonated the CEO of FACC to get an employee to send money.
Cyber criminals posed as FACC CEO Walter Stephen, sending an email to another employee requesting the transfer of funds for an ‘acquisition project’. The phishing attack was successful as the hackers managed to replicate Stephen’s writing style, lending legitimacy to the message so the unsuspecting employee would comply.
The attack was made public in early 2016, when FACC admitted the monetary loss and announced the immediate departure of the CEO. The employee who transferred the funds was also fired, along with the CFO of the company.
FACC managed to block around 10.9 million euros ($11.2 million) from being transferred, but the majority of the funds were sent to the fraudsters. This contributed to FACC recording losses of 23.4 million euros ($24 million) for the 2015/16 financial year.
The infamous 2014 Sony cyber attack saw up to 100 terabytes of data leaked from the entertainment giant, as well as extensive damage to servers and operational capacity.
While malware was used to exfiltrate the data and wipe Sony’s servers, initial access was gained through phishing emails sent to Sony executives. These emails asked for account verification and linked to malicious sites that, when the executives entered their details, sent their usernames and passwords to the hackers.
The hacking group, called ‘The Guardians of Peace’ or ‘Lazarus’, were then able to access and steal information relating to employees, data on then-unreleased films and private correspondence.
The hackers claimed to have stolen 100 terabytes of data, but this has never been verified – around 40 gigabytes appeared online after the attack. The attack caused major damage to Sony’s internal systems. In the first quarter of 2015, the company set aside $15 million to deal with ongoing issues relating to the attack. In total, the attack cost Sony an estimated $100 million to resolve.
The 2021 Colonial Pipeline attack was a massive cyber attack that temporarily shut down gasoline distribution across the east coast of the USA. This prompted a state of emergency to be declared in 18 states to avoid crippling shortages.
While most of the damage was caused by a ransomware attack that locked systems, the hackers gained entry to the network through a compromised password. The hackers were likely able to get this password through phishing or social engineering.
According to Colonial Pipeline Chief Executive Joseph Blount, the legacy account linked to this password did not have multifactor authentication in place, meaning there was no second step in place to ensure the person entering the password was authorised.
As such, Colonial Pipeline was forced to pay around $4.4 million to the hackers to regain control of their systems.
Phishing is the most common form of cyber crime. Phishing attacks are usually emails, where the cyber criminal poses as an organisation or charity to elicit a second action, such as clicking on malicious email attachments or following a link to a spoof website.
Phishing attacks are often the entry point for cyber criminals to launch more serious security breaches. As such, it is crucial that individuals and employees learn to spot a phishing email to avoid potential security incidents.
Yes, phishing is the most common form of cyber crime. An estimated 3.4 billion phishing emails are sent every day.
Spear phishing emails are a targeted form of phishing. Cyber criminals already have some information about the target, such as their name, place of employment or job title. This allows the criminal to create more authentic-sounding messages to trick the target.
‘Spear phishing’ is a type of phishing attack that targets specific users.
Most types of phishing will target groups of people, using email addresses or telephone numbers taken from breached databases.
Email phishing: The most common type of phishing attack. Cyber criminals impersonate companies or charities in an email, directing potential victims to click a link and enter personal information or pay for something. Any data entered can be seen by the cyber criminals, including passwords.
Spear phishing: A targeted form of email phishing, where personal information is used to craft more genuine-sounding messages.
Whaling: A form of spear phishing, whaling is where cyber criminals target senior executives and high-ranking managers. These messages convey a sense of urgency, usually to transfer funds quickly.
Smishing: Cyber criminals send text messages posing as a company or charity. These messages work much the same way as email phishing.
Vishing: Cyber criminals call their targets and attempt to get them to give information, such as account credentials or credit card details, over the phone.
Angler phishing: Cyber criminals use social media to gather information and to get targets to visit a fake website or download malware.
3.4 billion.
While it would be impossible to get a definitive answer, it’s estimated that 3.4 billion phishing emails are sent globally every day.
Over half of the victims of cyber crime globally were victims of phishing scams in 2021.
Phishing is the most common form of cyber crime. More than half of those affected by cyber crime fall victim to phishing. For businesses, this number is even higher; 83% of UK businesses that suffered a cyber attack in 2022 said they were the victim of phishing.
Blagging: Blagging messages are targeted attacks where the hacker makes up a story to try to get money or information out of the target. For instance, the target may receive an email from a ‘friend’ who needs money.
Phishing: Phishing messages are more general, usually sent in the form of malicious emails to addresses gained from a breached database. The hacker will pose as a business or charity, but the end result is the same as blagging; the hacker attempts to get the target to send money or enter information on phishing sites.
In general, cyber attacks are becoming more dangerous as criminals develop more sophisticated methods of breaching defences. This is why phishing is still successful and dangerous.
New phishing toolkits, such as ‘EvilProxy’, can be rented to criminals on a subscription basis. EvilProxy can bypass multi-factor authentication, heightening the risk of data breaches even where robust security systems are in place.
79%.
79% of UK businesses that suffered a cyber attack in 2023 identified phishing as the cause.
It’s impossible to estimate the number of businesses targeted by spear-phishing attacks each day.
However, phishing is the most common form of cyber crime (79% of UK businesses that suffered an attack in 2023 reported the cause as phishing) and 3.4 billion phishing emails are sent daily, so it’s likely that many businesses suffer attempted spear-phishing attacks.
In addition, 65% of known hacking groups in 2019 were using spear phishing campaigns, with 96% using targeted attacks for intelligence-gathering purposes.
79% of cyber attacks against UK businesses were identified as phishing.
91% of cyber attacks begin with a phishing email to a victim.
Google, Surfshark, UK government, ISTR, Cofense, Mimecast, LinkedIn, Bulletproof, Check Point, IBM, Kaspersky, AtlasVPN, NCSC, IT Governance, Reuters, Wired, Office for National Statistics, IC3, Statista, Canadian Anti-Fraud Centre, Statistics Canada, Valimail, Verizon, F5 Labs, Law Society, Tessian, Webroot, Deloitte