Phishing - Statistics & Facts
In 2024, over 38 million phishing attacks were detected worldwide, and in the first quarter of 2024 alone, there were nearly one million unique phishing sites worldwide. Overall, phishing attacks made up a quarter of cybersecurity incidents worldwide.
Most common types of phishing attacks
Phishing takes many forms, depending on the communication channel: mobile, social media, e-mail, and others. Business e-mail compromise (BEC) is a type of phishing attack that targets organizations by sending phishing e-mails to employees. In 2024, law enforcement in the United States recorded 21,442 BEC attacks. As of February 2025, the most common category of phishing e-mail was invoice. Roughly 32 percent of detected phishing e-mails had this subject. The payment and invoice category ranked second, with over 26 percent. In recent years, phishing through QR codes has become more popular. In a survey conducted between February 2024 and February 2025, a similar share of employees at worldwide organizations, as well as customers of service providers, reported having encountered QR code attacks.
The human error
Phishing attacks remain successful because people keep falling for them. The growing impact of generative AI does not help either. In a work setting, falling for a phishing scam is often considered shameful and seen as a lack of professionalism. However, many factors usually contribute to this: lack of time, being exhausted by too many e-mails, no reason not to believe the sender, or nothing obviously suspicious in the phishing e-mail. Individuals, however, see it differently. There is substantial confidence among employees in their ability to recognize phishing e-mails, even the AI-powered ones. In a survey, regular employees expressed almost the same level of confidence as cybersecurity professionals in being able to identify deepfakes of any form.
With the development of generative AI, writing a phishing e-mail has become easier. Individuals with little to no technical skills have started buying so-called phishing-as-a-service (PhaaS) packages on the dark web. These packages include different kinds of malicious software, malicious alternatives for common generative AI tools, as well as jailbreaking techniques. In such circumstances, a strong cybersecurity posture is more than necessary.