In December 2023, around 9.45 million phishing e-mails were detected worldwide, up from 5.59 million in September 2023. This figure has seen a continuous increase since January 2022. It is partially associated with the launch of ChatGPT in November 2022.

In 2023, over 298 thousand individuals in the United States reported encountering phishing attacks. This figure had decreased by 0.5 percent compared to the previous year, when the number of phishing attacks nationwide amounted to over 300 thousand. However, in 2020 and 2019, this number was relatively low, around 241 thousand and 114 thousand, respectively.

In 2023, users in Vietnam were most frequently targeted by phishing attacks. The phishing attack rate among internet users in the country was 18.91 percent. In the examined year, Peru was the second region, with an attack rate of nearly 17 percent, while Taiwan followed with 15.59 percent.

In 2023, the most common type of cyber crime reported to the United States internet Crime Complaint Center was phishing and spoofing, affecting approximately 298 thousand individuals. In addition, over 55 thousand cases of personal data breaches cases were reported to the IC3 during that year. Dynamic of phishing attacks Over the past few years, phishing attacks have increased significantly. In 2023, almost 300 thousand individuals fell victim to such attacks. The highest number of phishing scam victims since 2018 was recorded in 2021, approximately 324 thousand.Phishing attacks can take many shapes. Bulk phishing, smishing, and business e-mail compromise (BEC) are the most common types. In 2023, 76 percent of the surveyed worldwide organizations reported encountering bulk phishing attacks, while roughly three in four were targeted by smishing scams. Impact of phishing attacks Among the most targeted industries by cybercriminals are healthcare, financial, manufacturing, and education institutions. An observation carried out in the first quarter of 2023 found that social media was most likely to encounter phishing attacks. According to the reports, almost a quarter of them stated being targeted by a phishing scam in the measured period. Very often, phishing e-mails contain a crucial risk for the organization. Almost three in ten worldwide organizations that have experienced phishing attacks suffered from a customer or a client data breach as a consequence. Phishing scams that delivered ransomware infections were also common for the surveyed organizations.

Surveys of working adults and IT security professionals worldwide conducted in 2021 and 2023 found that the share of organizations experiencing severe consequences due to a successful cyber attack had declined. In 2023, the share of enterprises experiencing a breach of customer or client data was 29 percent, down from 44 percent in 2022. Ransomware infections that occurred through e-mail were common for 32 percent of the respondents in 2023. Cases of a credential or account compromise occurred in 27 percent of the organizations in 2023, a decrease of 25 percent compared to the year prior.

As of December 2023, Indonesia recorded around 3,605 of phishing attacks, an increase compared to the previous month. From the first quarter to the fourth quarter of 2023, the highest number of phishing attacks happened in February, amounted to around more than 15 thousand cases.

As of the fourth quarter of 2023, the majority of phishing attacks in Indonesia were targeted on social media platforms, reaching 64.34 percent. It was followed by financial institution platforms, with a share of about 20.58 percent.

In 2023, around 27.32 percent of total phishing attacks worldwide targeted financial institutions, down from 36.3 percent in 2022. Among the organizations attacked by financial phishing, web services were the most targeted, with more than 24 percent of phishing attacks involving them.

The number of phishing attacks in 2023 in Romania peaked in April, totaling 39,615 cyber attacks, which accounted for half of all phishing attacks in that year. By contrast, in December the number of phishing crimes was 1,385.

In 2023, web services were targeted most by phishing attacks. They accounted for over 24 percent of financial phishing attacks worldwide. Delivery company ranked second with nearly 16 percent, while Global internet portals followed with 14.46 percent of the phishing attacks in the examined year.

In the second quarter of 2023, smartphone users in North America encountered around 484.5 thousand phishing and malicious attempts worldwide, making it the region with the highest number of such incidents. Europe ranked second, with more than 462 thousand phishing and malicious attempts.

In the 3rd quarter of 2024, over 932 thousand unique phishing sites were detected worldwide, representing a slight increase from the preceding quarter. By far, the number of unique phishing sites has seen the most significant jump between the second and the third quarters of 2020, from nearly 147 thousand to approximately 572 thousand. This figure is based on the number of the unique base URLs of the phishing sites.

In 2023, global internet portals saw more than 16 percent of phishing attacks worldwide, making it the most targeted industry by phishing. Web services ranked second, while Online stores and banks followed, with over 12 and 11.29 percent of the attacks directed to these industries.

In 2023, half of the social engineering attacks worldwide were scams, making it the most common type of cyberattack in this category. Phishing ranked second, with 35.5 percent of the attacks, while business e-mail compromise (BEC) made up nearly 11 percent of the total spear-phishing attacks.

In 2023, individuals over 60 years in the United States accounted for the highest amount of financial losses of reported cyber crime in the United States. People in this age group lost around 3.4 billion U.S. dollars. Despite filing the second highest number of complaints, cyber crime victims aged between 30 and 39 old did not have as high financial losses.

A 2022 survey of working adults and IT professionals worldwide revealed that bulk phishing attacks were the most common cyber incidents experienced by 85 percent of organizations in 2022. Spear phishing ranked second, with three in four respondents stating having encountered such incidents during the same year. Overall, between 2021 and 2022, there has been a decrease in the most common types of attacks.

As of January 2023, phishing, spear phishing, or smishing were the most common types of cyberattacks in France, with around six in 10 companies encountering it. The exploitation of a vulnerability ranked second, with 43 percent. The third most common cyberattack was denial-of-service attack (DOS), detected by 34 percent of the respondents.

Phishing was the most prevalent form of scam in Australia in 2023, with over 108.6 housand incidents reported. There were also around 39.5 thousand reports of false billing.

A March 2023 research found that AI-generated phishing e-mails tricked 65 percent of users into revealing personal information in input fields linked in the e-mails. On the contrary, human-generated phishing e-mails provoked 60 percent of the receivers into such interaction. Meanwhile, the share of individuals who clicked on malicious links or attachments in human-generated phishing e-mails was 27 percent, compared to 21 percent clicks in AI-written e-mails.

In 2023, Amazon was the most commonly impersonated online shopping brand in financial phishing attacks targeting global online shoppers. Phishing attacks impersonating Amazon made up approximately 34 percent of all online financial phishing attacks in the examined year. Apple was the second-most abused brand name, with scammers impersonating the popular tech company in approximately 18.66 percent of the global phishing attacks targeting online users.