Both enterprise and SMB businesses can learn a lot from the latest phishing attack statistics. Unfortunately, the numbers show that business email compromise and other tactics continue to grow to harm organizations of all sizes. The best protection is to remain informed.
To that end, we’ve put together a catalogue of information to provide visibility into the true scope of the problem. Below is information about current email phishing trends, as well as fraudster strategies and tactics. Companies can use it to understand what they need to look out for, and do more to protect themselves now and in the future.
The Scope of the Email Phishing Attack Problem
1. A new phishing site is created on the internet every 20 seconds. Fraudsters move quickly, innovate, and adapt. Businesses must prepare to do the same. — CSO Online
2. 85.7% of all phishing attacks occur against targets in the USA. American organizations must be particularly vigilant to prevent phishing attacks. — PhishLabs
3. 90% of security breaches occur as a result of a phishing attack. That proves that despite the straightforward nature of attacks, they remain the largest security risk for companies. — Digital Guardian
4. Nearly 1 in 5 email users will encounter a phishing attack email. — SecureList
5. 56% of SMEs reported malware attacks against their business. Fraudsters target more than just enterprise organizations. They will prey on any organization where they see an opportunity — MYKI
6. More than two out of three organizations reported a noticeable increase in the number of impersonation fraud attacks directed against them. In other words, it’s important for organizations to realize they are not just a face in the crowd, but can easily become a target. — Mimecast
7. The WannaCry and NotPetya malware attacks affected 200,000 machines, across 100 different countries, in just 24 hours. — Webroot
Successful Phishing Attacks Statistics
8. Fraudsters succeed in one out of every ten email phishing attacks, proving organizations still don’t do enough to protect themselves. — PhishProtection
9. Recipients open 70% of phishing attempts they receive. Such a high number shows how poorly people recognize these types of attacks. — FireEye
10. Mid-sized companies can expect to lose an average of $1.6 million every time a fraudster successful targets them. It’s a number few can afford, underscoring the need to remain proactive. — Lastline
11. The FBI released data showing that business email compromise cost businesses 12 billion dollars between October, 2013 and May, 2018. This shows just how important it is for merchants to take this problem seriously. — FBI
12. Apple is the the most frequently impersonated brand by fraudsters. It accounts for 27.2% of all phishing URLs. An important reminder that fraudsters prey on habits such as trust when creating scams. — Cyren
13. Russian hackers only needed a 2% success rate on an email phishing attack to cause serious damage to Hillary Clinton’s presidential campaign. That’s proof that just one or two sucessfull attacks can cause major damage. — VICE
Types of Email Phishing Attacks
14. SaaS and webmail service companies were the most frequent target of fraudsters in Q1 2019. They accounted for 36% of all phishing attacks. — APWG
15. Malware accounts for 28% of attacks against businesses and organizations. Although high-profile hacking gets most of the attention, phishing attacks remain a huge problem. — Verizon
16. Adware.Elex.ShrtCln, Adware.Yontoo, and Trojan.WMIHijacker.ClnShrt are the three most common malware attacks against the healthcare industry. — Malwarebytes
17. APWG detected 51,401 different phishing websites in June of 2018. A sobering number illustrating just how widespread the attack epidemic really is. — APWG
18. Organizations targeted by email phishing scams received 50 or more fraudulent emails across all their organizational accounts. That proves the need for organization-wide vigilance at all time. —Proofpoint
Phishing Attack Statistics on Mobile
19. Using a mobile devices makes someone 18x more likely to encounter a phishing attack email. — PhishProtection
20. Mobile users are 3x more likely to become a victim of an email phishing attack then desktop users. — Wandera
21. The number of mobile users becoming victims of a phishing attack every year increased 85% since 2011. Users must do more to remain vigilant even when accustomed to rapid fire use of mobile devices. — MetaCompliance
22. In one sample, 56% of users clicked on a URL that was a phishing attack. — Lookout
23. BankBot, RedAlert2, and Marcher are the three most prevalent mobile trojans targeting organizations. — PhishLabs
Phishing Attacks in the Healthcare Industry
24. Simulated attacks run by security companies showed that the median click rate of phishing attack emails at hospitals is 16.7%. Even organizations handling sensitive information must educate employees about best practices to prevent email phishing attacks. — JAMA Network
25. 41% of healthcare companies suffer data breaches, the highest amount of any type of organization or entity. — CISO magazine
Take Action on the Reality of Phishing Attack Statistics
Preventing business compromise attacks, account takeovers, and other kinds of email phishing scams is a difficult job. However, many options exist for companies looking to do more to protect themselves.
Many of the top fraud protection companies provide both enterprise and SMB organizations with data security, risk management, and other services. If you want to learn more about what is out there, be sure to check out our business directory. It provides an objective look at dozens of the most popular eCommerce fraud prevention and email phishing prevention solutions for businesses of all sizes, across all verticals.