Top 30 Phishing Statistics and Trends You Must Know in 2024
Phishing is evolving, with billions of emails sent daily and businesses increasingly targeted by AI-powered attacks. Discover the top 2024 phishing statistics and trends to protect your organization from data breaches, spear-phishing, and ransomware.
2024-10-14
Phishing remains one of the biggest cyber threats in 2024, evolving with AI tools and targeting businesses and individuals alike. With phishing emails contributing to a significant number of data breaches, it's essential to stay updated on the latest phishing statistics and phishing trends. Let’s dive into the current phishing insights and trends shaping cybersecurity in 2024.
Highlights of 2024’s Phishing Statistics
Phishing remains a primary attack method, as most cyberattacks begin with a phishing email.
According to GreatHorn, 57% of organizations face phishing scams weekly or daily. Nearly 1.2% of all emails sent are malicious, accounting for 3.4 billion phishing emails daily.
Human error continues to play a significant role, contributing to 74% of security breaches, according to the Verizon Data Breach Investigations Report (DBIR) 2023. IBM also reports that phishing scams are the leading initial attack vector, responsible for 41% of incidents.
Meanwhile, CSO Online reports that 80% of security incidents are attributed to phishing, with losses totaling $17,700 every minute due to these attacks.
Phishing Trends in 2024
As phishing tactics become more sophisticated, several key phishing trends have emerged in 2024:
- Targeting Financial Institutions: APWG reports that 23% of phishing attacks in Q2 2023 were aimed at financial institutions, with social media platforms and SaaS companies accounting for 22.3% each.
- Deceptive Links Dominate: Cloudflare reports that deceptive links were the most common phishing method, making up 36% of phishing threats from their analysis of 13 billion emails.
- Brand Impersonation: Attackers frequently impersonate popular brands like Microsoft, Google, and Amazon. According to Cloudflare’s phishing stats, 51.7% of malicious emails were disguised as communications from these companies.
- AI-Driven Phishing: Attackers use AI to craft human-like messages, which makes AI-powered phishing attacks harder to detect. Zscaler ThreatLabz indicates that this trend is on the rise, making it harder for conventional security measures to block these attacks.
- Ransomware via Phishing: 35% of ransomware attacks are initiated through phishing emails, showing how critical email security has become in mitigating ransomware attacks.
30 Current Phishing Statistics Insights
In 2024, phishing remains one of the most dangerous and widespread cyber threats. From traditional email-based attacks to more sophisticated methods like voice phishing (vishing) and SMS phishing (smishing), organizations across all industries are struggling to defend against these constantly evolving tactics. Here are the 30 most critical phishing statistics defining the current cyber landscape, including new insights from Keepnet's research on social engineering threats like vishing.
- 57% of organizations experience phishing attacks daily or weekly (GreatHorn).
- 1.2% of all emails sent daily are malicious, equating to 3.4 billion phishing emails (APWG).
- 74% of security breaches involve human error or social engineering (Verizon DBIR 2023).
- Phishing initiates 41% of cyber incidents (IBM).
- 80% of reported security incidents are caused by phishing (CSO Online).
- Businesses lose $17,700 per minute due to phishing attacks (CSO Online).
- 23% of phishing attacks target financial institutions, with 22.3% aimed at social media and web-based services (APWG).
- Deceptive links account for 36% of phishing threats (Cloudflare).
- 51.7% of malicious emails impersonate major brands like Microsoft and Google (Cloudflare).
- 35% of ransomware attacks originate from phishing emails (Cloudflare).
- AI-powered phishing is becoming harder to detect, with AI-generated messages that mimic human behavior (Zscaler).
- Credential theft remains the most common goal of phishing attacks (IBM).
- A new phishing website appears every 20 seconds worldwide (DataProt).
- 36% of data breaches in the US are caused by phishing (Verizon DBIR 2023).
- 91% of security managers doubt the effectiveness of traditional security training against phishing (Cloudflare).
- 493.2 million phishing attacks were reported in Q3 2023, a 173% increase from Q2 (Cloudflare).
- Facebook was the most impersonated brand in phishing URLs in 2023 (Cloudflare).
- 89% of malicious emails bypassed email authentication methods like SPF, DKIM, and DMARC (Cloudflare).
- 35.6% of phishing attacks involve clicking on malicious links, making them the top delivery method (CrowdStrike).
- 50% of phishing emails now include attachments like PDFs or QR codes, which are harder to detect (Cloudflare).
- 70% of organizations unknowingly share sensitive information during vishing (voice phishing) simulations, according to Keepnet Labs' 2024 Vishing Response Report.
- On average, vishing attacks cost organizations $14 million annually, highlighting the financial toll of phone-based fraud (Keepnet).
- Customer support departments were identified as the most vulnerable to vishing attacks, with their high volume of external communications making them primary targets (Keepnet).
- 6.5% of users were deceived by simulated vishing calls, indicating the need for enhanced security training (Keepnet).
- 40.3% of users did not answer vishing calls, which could either reflect caution or create security risks of its own through missed warnings (Keepnet).
- Companies with the lowest vishing rates typically use advanced vishing simulation software, demonstrating the effectiveness of proactive training (Keepnet).
- Vishing attacks have increased by 30% in the last year, showing the growing use of phone-based social engineering (Keepnet).
- 76% of businesses were hit by smishing (SMS phishing) or scam text messages in the past year, resulting in a 328% increase in incidents and average losses of $800 per incident globally (Keepnet).
- Phone scams caused $39.5 billion in losses last year, with vishing emerging as one of the most damaging forms of fraud (Keepnet).
- Senior citizens were disproportionately targeted by vishing, with a 40% increase in attacks in the last two years, making them a key demographic for scammers (Keepnet).
These phishing stats show just how widespread and damaging phishing attacks have become. From email-based phishing to advanced methods like vishing and smishing, organizations must remain vigilant and proactive. Implementing phishing simulations, vishing simulations, and security awareness training can drastically reduce the risks associated with these cyber threats. Keepnet Labs' solutions offer businesses the tools they need to stay protected and avoid costly data breaches and financial losses.
Phishing Attacks That Cause Serious Harm in 2024
Here are three examples of significant phishing attacks from 2024:
- Twilio Phishing Attack: Twilio’s systems were breached through a sophisticated spear-phishing campaign, compromising sensitive customer data.
- SOVA Android Malware via Phishing: This malware was distributed through phishing emails, leading to ransomware demands and file encryption on victims' devices.
- Petya Ransomware Resurgence: Petya ransomware re-emerged in 2024, targeting businesses via phishing emails and encrypting entire networks.