In December 2023, around 9.45 million phishing e-mails were detected worldwide, up from 5.59 million in September 2023. This figure has seen a continuous increase since January 2022. It is partially associated with the launch of ChatGPT in November 2022.

During the third quarter of 2024, 30.5 percent of phishing attacks worldwide targeted Social media. Web-based software services and webmail followed, with around 21.2 percent of registered phishing attacks. Furthermore, Financial institutions accounted for 13 percent of attacks.

Surveys of working adults and IT security professionals worldwide conducted in 2021 and 2023 found that the share of organizations experiencing severe consequences due to a successful cyber attack had declined. In 2023, the share of enterprises experiencing a breach of customer or client data was 29 percent, down from 44 percent in 2022. Ransomware infections that occurred through e-mail were common for 32 percent of the respondents in 2023. Cases of a credential or account compromise occurred in 27 percent of the organizations in 2023, a decrease of 25 percent compared to the year prior.

In 2023, users in Vietnam were most frequently targeted by phishing attacks. The phishing attack rate among internet users in the country was 18.91 percent. In the examined year, Peru was the second region, with an attack rate of nearly 17 percent, while Taiwan followed with 15.59 percent.

In 2023, over 298 thousand individuals in the United States reported encountering phishing attacks. This figure had decreased by 0.5 percent compared to the previous year, when the number of phishing attacks nationwide amounted to over 300 thousand. However, in 2020 and 2019, this number was relatively low, around 241 thousand and 114 thousand, respectively.

As of December 2023, Indonesia recorded around 3,605 of phishing attacks, an increase compared to the previous month. From the first quarter to the fourth quarter of 2023, the highest number of phishing attacks happened in February, amounted to around more than 15 thousand cases.

In 2023, the most common type of cyber crime reported to the United States internet Crime Complaint Center was phishing and spoofing, affecting approximately 298 thousand individuals. In addition, over 55 thousand cases of personal data breaches cases were reported to the IC3 during that year. Dynamic of phishing attacks Over the past few years, phishing attacks have increased significantly. In 2023, almost 300 thousand individuals fell victim to such attacks. The highest number of phishing scam victims since 2018 was recorded in 2021, approximately 324 thousand.Phishing attacks can take many shapes. Bulk phishing, smishing, and business e-mail compromise (BEC) are the most common types. In 2023, 76 percent of the surveyed worldwide organizations reported encountering bulk phishing attacks, while roughly three in four were targeted by smishing scams. Impact of phishing attacks Among the most targeted industries by cybercriminals are healthcare, financial, manufacturing, and education institutions. An observation carried out in the first quarter of 2023 found that social media was most likely to encounter phishing attacks. According to the reports, almost a quarter of them stated being targeted by a phishing scam in the measured period. Very often, phishing e-mails contain a crucial risk for the organization. Almost three in ten worldwide organizations that have experienced phishing attacks suffered from a customer or a client data breach as a consequence. Phishing scams that delivered ransomware infections were also common for the surveyed organizations.

In 2023, around 27.32 percent of total phishing attacks worldwide targeted financial institutions, down from 36.3 percent in 2022. Among the organizations attacked by financial phishing, web services were the most targeted, with more than 24 percent of phishing attacks involving them.

Phishing attacks on businesses increased in 2019 with the United States having the highest increase in attacks. According to a survey of IT security professionals, 57 percent of U.S. respondents stated that their organization had experienced an increased rate of phishing attacks compared to the previous year. Only 29 percent of responding professionals from France stated the same.

A 2021 survey of IT security specialists worldwide found that 79 percent of organizations saw spear phishing attacks. Furthermore, 13 percent of respondents said their organization saw more than 50 such attacks. These types of phishing attacks usually target specific users.

In 2021, Brazil and Ecuador were the two countries in Latin America and the Caribbean with the highest share of users targeted by phishing attacks, standing at 12.39 percent and 10.73 percent, respectively. Through these attacks, users are susceptible to various types of malicious software, including ransomware, which, upon infection, blocks access to data until a payment is received in return. Additionally, Brazil ranked first worldwide as the country with the most attacks of this type in the examined year.

In 2023, web services were targeted most by phishing attacks. They accounted for over 24 percent of financial phishing attacks worldwide. Delivery company ranked second with nearly 16 percent, while Global internet portals followed with 14.46 percent of the phishing attacks in the examined year.

As of the fourth quarter of 2023, the majority of phishing attacks in Indonesia were targeted on social media platforms, reaching 64.34 percent. It was followed by financial institution platforms, with a share of about 20.58 percent.

In 2022, the District of Columbia had the highest number of phishing attack victims per 100,000 residents among all U.S. dates. Over 25 people per 100,000 residents reported phishing attacks in the measured year. With around 22 victims per 100,000 people, Wisconsin ranked second, while Nevada followed, with nearly 14 victims.

In the 3rd quarter of 2024, over 932 thousand unique phishing sites were detected worldwide, representing a slight increase from the preceding quarter. By far, the number of unique phishing sites has seen the most significant jump between the second and the third quarters of 2020, from nearly 147 thousand to approximately 572 thousand. This figure is based on the number of the unique base URLs of the phishing sites.

The number of phishing attacks in 2023 in Romania peaked in April, totaling 39,615 cyber attacks, which accounted for half of all phishing attacks in that year. By contrast, in December the number of phishing crimes was 1,385.

The number of phishing attacks in the Philippines during the first half of 2022 already surpassed the number of attacks in the whole year of 2021. In that period, over 1.8 million attacks have been detected compared to 1.34 million attacks in 2021. Among the most prevalent types of phishing attacks in the country were targeted at payment systems, e-commerce shops, and local banks.

This statistic gives information on the online websites and brands whose names were most frequently used during phishing attacks in 2018. During this period of time, 6.86 of all detected phishing attacks named Microsoft.

In 2023, global internet portals saw more than 16 percent of phishing attacks worldwide, making it the most targeted industry by phishing. Web services ranked second, while Online stores and banks followed, with over 12 and 11.29 percent of the attacks directed to these industries.

In 2022, PayPal was the most frequently impersonated payment service in financial phishing attacks worldwide. Roughly 84 percent of the attacks impersonated this service. MasterCard International was the second-most often exploited payment system in attacks aiming at luring users into giving their information, with nearly four percent of the cases.