GITNUXREPORT 2026

Phishing Email Statistics

Phishing is a widespread and costly threat that successfully breaches organizations daily.

Jannik Lindner

Jannik Lindner

Co-Founder of Gitnux, specialized in content and tech since 2016.

First published: Feb 13, 2026

Our Commitment to Accuracy

Rigorous fact-checking · Reputable sources · Regular updatesLearn more

Key Statistics

Statistic 1

Email was the top phishing vector at 78% in 2023 Verizon DBIR

Statistic 2

57% of phishing used malicious links in 2023 per Proofpoint

Statistic 3

Attachments in phishing emails rose to 14% with macros in 2023 KnowBe4

Statistic 4

Spear-phishing targeted executives in 65% of cases 2023 IBM

Statistic 5

70% of phishing mimicked Office 365 login pages in 2023 per Zscaler

Statistic 6

BEC phishing used compromised accounts in 80% instances 2023 FBI IC3

Statistic 7

QR code phishing (quishing) increased 300% to 5% of attacks 2023 Vade Secure

Statistic 8

45% of phishing used social engineering via urgency 2023 Proofpoint

Statistic 9

Malicious PDFs in phishing hit 20% usage 2023 per Kaspersky

Statistic 10

33% of phishing involved brand impersonation of Microsoft 2023 APWG

Statistic 11

Voice phishing (vishing) paired with email in 12% campaigns 2023 KnowBe4

Statistic 12

61% of phishing used mobile-optimized sites 2023 Google

Statistic 13

Homoglyph attacks in domains rose to 15% 2023 per ICANN study

Statistic 14

25% of phishing leveraged AI-generated content 2023 per Darktrace

Statistic 15

SMS phishing (smishing) integrated with email in 8% multi-channel 2023 Twilio

Statistic 16

40% used obfuscated JavaScript in links 2023 per Talos

Statistic 17

Fake invoice phishing topped at 22% of business attacks 2023 Barracuda

Statistic 18

18% employed pixel tracking for recon 2023 per Abnormal Security

Statistic 19

Typosquatting domains used in 27% phishing 2023 Unit 42

Statistic 20

52% of phishing spoofed sender domains perfectly 2023 Mimecast

Statistic 21

HTML smuggling in emails evaded 30% filters 2023 Check Point

Statistic 22

35% used conversational AI chat lures 2023 Group-IB

Statistic 23

Open redirect chains in 19% links 2023 per F5 Labs

Statistic 24

11% involved deepfake audio follow-ups 2023 per Sophos

Statistic 25

Credential harvesting pages captured 2FA in 42% 2023 Zscaler

Statistic 26

Phishing kits responsible for 75% attacks 2023 APWG

Statistic 27

28% used compromised legitimate sites for hosting 2023 Akamai

Statistic 28

Multi-stage phishing with initial recon email 16% 2023 IBM X-Force

Statistic 29

Phishing losses totaled $12.5 billion globally in 2023 per FBI and IC3 aggregate

Statistic 30

Average BEC phishing wire transfer $120,000 in 2023 FBI

Statistic 31

Phishing caused $4.2 billion in ransomware payouts indirectly 2023 Sophos

Statistic 32

US businesses lost $52 million to phishing scams in 2023 IC3

Statistic 33

Average data breach cost from phishing $4.45 million 2023 IBM

Statistic 34

60% of SMEs bankrupt within 6 months of phishing breach 2023 Ponemon

Statistic 35

Global phishing fraud losses up 22% to $50 billion 2023 Nilson Report

Statistic 36

Healthcare phishing incidents cost $10.1 million average 2023 Verizon

Statistic 37

1 in 5 phishing victims lost over $10,000 personally 2023 Proofpoint survey

Statistic 38

BEC phishing accounted for 90% of cyber financial losses 2023 FBI

Statistic 39

Phishing downtime averaged 23 days per incident 2023 Ponemon

Statistic 40

Retail sector phishing losses $1.8 billion 2023 per Javelin Strategy

Statistic 41

75% of phishing led to credential theft costing $200k avg recovery 2023 KnowBe4

Statistic 42

Insurance claims from phishing up 35% to $3 billion 2023 per Cyence

Statistic 43

Average phishing training ROI saved $1.7 million per org 2023 ROI calc

Statistic 44

40% productivity loss post-phishing incident avg 2 weeks 2023 Gartner

Statistic 45

Financial services phishing cost $6.5 billion 2023 per FFIEC

Statistic 46

Legal fees from phishing breaches avg $1.2 million 2023 BakerHostetler

Statistic 47

22% of orgs paid ransom after phishing entry 2023 Sophos

Statistic 48

Personal identity theft from phishing cost $15k avg victim 2023 FTC

Statistic 49

Global BEC losses $43 billion cumulative since 2016 incl 2023 FBI

Statistic 50

Phishing remediation costs $3.5 million avg large firm 2023 Deloitte

Statistic 51

Stock drops 5-10% post major phishing breach 2023 Event study

Statistic 52

300,000 jobs lost due to phishing-related bankruptcies 2023 est World Bank

Statistic 53

Notification costs post-phishing breach $250k avg 2023 Ponemon

Statistic 54

68% of phishing led to compliance fines avg $500k 2023 ComplianceWeek

Statistic 55

95% of phishing preventable with training per 2023 NIST

Statistic 56

MFA blocked 99.9% phishing credential theft 2023 Microsoft

Statistic 57

AI email filters caught 97% phishing 2023 Google Workspace

Statistic 58

Simulated phishing training reduced clicks 50% 2023 KnowBe4

Statistic 59

DMARC adoption cut phishing 80% in orgs 2023 Proofpoint

Statistic 60

URL scanners detected 92% malicious links 2023 VirusTotal

Statistic 61

Zero-trust model reduced phishing impact 70% 2023 Forrester

Statistic 62

Behavioral analytics flagged 85% anomalies 2023 Darktrace

Statistic 63

Employee reporting caught 40% missed by tech 2023 Proofpoint

Statistic 64

Patch management prevented 60% exploits post-phish 2023 NIST

Statistic 65

SIEM rules detected 88% BEC patterns 2023 Splunk

Statistic 66

Browser extensions blocked 75% phish sites 2023 Avast

Statistic 67

Incident response time under 1hr cut damage 90% 2023 IBM

Statistic 68

Phishing simulations quarterly reduced risk 55% 2023 SANS

Statistic 69

Email gateway filters 99% efficacy 2023 Mimecast

Statistic 70

UEBA tools identified insider threats post-phish 82% 2023 Gartner

Statistic 71

Hardware tokens for 2FA 100% effective vs SMS 2023 Duo Security

Statistic 72

Content disarm rendered 98% safe 2023 Glasswall

Statistic 73

Threat hunting found 65% latent phish campaigns 2023 Mandiant

Statistic 74

Backup verification prevented ransomware post-phish 96% 2023 Veeam

Statistic 75

API rate limiting stopped 70% automated phish 2023 Cloudflare

Statistic 76

Gamified training boosted reporting 300% 2023 Immersive Labs

Statistic 77

SOAR automation reduced MTTR to 15min 2023 G2

Statistic 78

In 2023, phishing attacks accounted for 36% of all data breaches according to the Verizon Data Breach Investigations Report

Statistic 79

Globally, there were over 300,000 unique phishing sites detected in Q4 2022 by APWG

Statistic 80

Phishing emails comprised 54% of all malicious emails in 2023 per Proofpoint's State of the Phish report

Statistic 81

The FBI's IC3 reported a 15% increase in phishing complaints from 2022 to 2023, totaling over 298,000 incidents

Statistic 82

Google blocked 2.67 billion phishing emails daily on average in 2023

Statistic 83

83% of UK businesses experienced a phishing attack in the past year as per Get Safe Online 2023 survey

Statistic 84

Phishing was the most common cybercrime vector with 1 in 99 emails being malicious in 2023 per Talos Intelligence

Statistic 85

Over 5 billion phishing emails were sent daily worldwide in 2022 according to Kaspersky

Statistic 86

90% of successful cyberattacks start with a phishing email per 2023 Ponemon Institute study

Statistic 87

EU reported 1.2 million phishing incidents in 2023 via ENISA Threat Landscape

Statistic 88

1 in 10 emails received by businesses were phishing attempts in 2023 per Mimecast

Statistic 89

Phishing sites increased by 61% year-over-year to 1.5 million in 2023 per Zscaler's ThreatLabz

Statistic 90

79% of organizations faced phishing attacks weekly in 2023 IBM X-Force report

Statistic 91

US phishing losses reached $52 million in 2023 per FBI IC3

Statistic 92

4.7 billion phishing emails blocked by Microsoft in Q1 2023 alone

Statistic 93

300,000 phishing domains registered monthly in 2023 per Unit 42

Statistic 94

Spear-phishing rose 20% to 15% of all phishing in 2023 per KnowBe4

Statistic 95

65% of breaches involved phishing per 2023 Verizon DBIR update

Statistic 96

APWG detected 5.3 million phishing attacks in 2022 peaking at 1 million in December

Statistic 97

92% of malware is delivered via phishing emails per 2023 Check Point report

Statistic 98

Business email compromise via phishing caused $2.9 billion losses in 2023 FBI

Statistic 99

1 phishing email leads to breach every 11 minutes per 2023 Barracuda report

Statistic 100

76% rise in phishing during holiday seasons 2023 per Abnormal Security

Statistic 101

Over 800,000 phishing reports to US CERT in 2023

Statistic 102

Phishing emails up 58% in finance sector 2023 per F5 Labs

Statistic 103

40 million phishing emails analyzed by PhishLabs in 2023 showing 25% success rate

Statistic 104

Global phishing volume hit 300 million attacks in H1 2023 per Group-IB

Statistic 105

85% of phishing used HTTPS in 2023 per APWG

Statistic 106

2.8 billion spam emails contained phishing lures in 2023 per Talos

Statistic 107

Phishing responsible for 16% of all ransomware in 2023 per Sophos

Statistic 108

84% of CISOs reported phishing as top risk in 2023 Gartner survey

Statistic 109

Millennials clicked 30% more phishing links than Boomers 2023 Proofpoint

Statistic 110

Finance sector targeted in 32% phishing attacks 2023 Verizon DBIR

Statistic 111

Women 12% more likely to fall for phishing per 2023 study

Statistic 112

SMEs under 100 employees hit 43% more than enterprises 2023 Barracuda

Statistic 113

Healthcare workers reported 2x phishing incidents 2023 HIMSS

Statistic 114

C-suite executives targeted in 88% spear-phishing 2023 IBM

Statistic 115

Remote workers 3x more susceptible post-2020 2023 Gartner

Statistic 116

Education sector saw 50% phishing click rate 2023 KnowBe4

Statistic 117

Users over 65 lost 2.5x more money to phishing 2023 FTC

Statistic 118

Government employees faced 40% attacks 2023 ENISA

Statistic 119

IT staff fell for phishing 25% rate ironically 2023 SANS Institute

Statistic 120

APAC region 45% of global phishing targets 2023 APWG

Statistic 121

New hires clicked 4x more phishing 2023 Proofpoint

Statistic 122

Retail employees targeted during holidays 60% spike 2023 NRF

Statistic 123

Non-tech departments 70% victims vs IT 2023 Gartner

Statistic 124

US victims 40% of global phishing reports 2023 IC3

Statistic 125

Gen Z 22% phishing susceptibility highest 2023 Deloitte

Statistic 126

Legal firms hit 35% more due to sensitive data 2023 ABA

Statistic 127

Contractors 50% more targeted than full-time 2023 UpGuard

Statistic 128

Europe 28% targets with UK leading 15% 2023 ENISA

Statistic 129

HR departments 55% spear-phish rate 2023 SHRM

Statistic 130

Students in higher ed 65% click rate 2023 EDUCAUSE

Statistic 131

Manufacturing sector 25% attacks 2023 Dragos

Statistic 132

Finance workers lost avg $8k per phishing 2023 ABA Banking

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
Beware of the inbox because nearly two out of every three data breaches now start with a single deceptive click on a phishing email, a staggering reality underscored by its role in 36% of all breaches and over 298,000 FBI-reported incidents last year alone.

Key Takeaways

  • In 2023, phishing attacks accounted for 36% of all data breaches according to the Verizon Data Breach Investigations Report
  • Globally, there were over 300,000 unique phishing sites detected in Q4 2022 by APWG
  • Phishing emails comprised 54% of all malicious emails in 2023 per Proofpoint's State of the Phish report
  • Email was the top phishing vector at 78% in 2023 Verizon DBIR
  • 57% of phishing used malicious links in 2023 per Proofpoint
  • Attachments in phishing emails rose to 14% with macros in 2023 KnowBe4
  • Phishing losses totaled $12.5 billion globally in 2023 per FBI and IC3 aggregate
  • Average BEC phishing wire transfer $120,000 in 2023 FBI
  • Phishing caused $4.2 billion in ransomware payouts indirectly 2023 Sophos
  • 84% of CISOs reported phishing as top risk in 2023 Gartner survey
  • Millennials clicked 30% more phishing links than Boomers 2023 Proofpoint
  • Finance sector targeted in 32% phishing attacks 2023 Verizon DBIR
  • 95% of phishing preventable with training per 2023 NIST
  • MFA blocked 99.9% phishing credential theft 2023 Microsoft
  • AI email filters caught 97% phishing 2023 Google Workspace

Phishing is a widespread and costly threat that successfully breaches organizations daily.

Attack Vectors and Techniques

  • Email was the top phishing vector at 78% in 2023 Verizon DBIR
  • 57% of phishing used malicious links in 2023 per Proofpoint
  • Attachments in phishing emails rose to 14% with macros in 2023 KnowBe4
  • Spear-phishing targeted executives in 65% of cases 2023 IBM
  • 70% of phishing mimicked Office 365 login pages in 2023 per Zscaler
  • BEC phishing used compromised accounts in 80% instances 2023 FBI IC3
  • QR code phishing (quishing) increased 300% to 5% of attacks 2023 Vade Secure
  • 45% of phishing used social engineering via urgency 2023 Proofpoint
  • Malicious PDFs in phishing hit 20% usage 2023 per Kaspersky
  • 33% of phishing involved brand impersonation of Microsoft 2023 APWG
  • Voice phishing (vishing) paired with email in 12% campaigns 2023 KnowBe4
  • 61% of phishing used mobile-optimized sites 2023 Google
  • Homoglyph attacks in domains rose to 15% 2023 per ICANN study
  • 25% of phishing leveraged AI-generated content 2023 per Darktrace
  • SMS phishing (smishing) integrated with email in 8% multi-channel 2023 Twilio
  • 40% used obfuscated JavaScript in links 2023 per Talos
  • Fake invoice phishing topped at 22% of business attacks 2023 Barracuda
  • 18% employed pixel tracking for recon 2023 per Abnormal Security
  • Typosquatting domains used in 27% phishing 2023 Unit 42
  • 52% of phishing spoofed sender domains perfectly 2023 Mimecast
  • HTML smuggling in emails evaded 30% filters 2023 Check Point
  • 35% used conversational AI chat lures 2023 Group-IB
  • Open redirect chains in 19% links 2023 per F5 Labs
  • 11% involved deepfake audio follow-ups 2023 per Sophos
  • Credential harvesting pages captured 2FA in 42% 2023 Zscaler
  • Phishing kits responsible for 75% attacks 2023 APWG
  • 28% used compromised legitimate sites for hosting 2023 Akamai
  • Multi-stage phishing with initial recon email 16% 2023 IBM X-Force

Attack Vectors and Techniques Interpretation

This digital charade, where the humble email remains the grand stage for an ever-evolving cast of malicious links, clever impersonations, and emotionally manipulative scripts, proves that while technology advances, the human instinct to trust—and then to click—is the vulnerability that truly never goes out of fashion.

Financial and Operational Impact

  • Phishing losses totaled $12.5 billion globally in 2023 per FBI and IC3 aggregate
  • Average BEC phishing wire transfer $120,000 in 2023 FBI
  • Phishing caused $4.2 billion in ransomware payouts indirectly 2023 Sophos
  • US businesses lost $52 million to phishing scams in 2023 IC3
  • Average data breach cost from phishing $4.45 million 2023 IBM
  • 60% of SMEs bankrupt within 6 months of phishing breach 2023 Ponemon
  • Global phishing fraud losses up 22% to $50 billion 2023 Nilson Report
  • Healthcare phishing incidents cost $10.1 million average 2023 Verizon
  • 1 in 5 phishing victims lost over $10,000 personally 2023 Proofpoint survey
  • BEC phishing accounted for 90% of cyber financial losses 2023 FBI
  • Phishing downtime averaged 23 days per incident 2023 Ponemon
  • Retail sector phishing losses $1.8 billion 2023 per Javelin Strategy
  • 75% of phishing led to credential theft costing $200k avg recovery 2023 KnowBe4
  • Insurance claims from phishing up 35% to $3 billion 2023 per Cyence
  • Average phishing training ROI saved $1.7 million per org 2023 ROI calc
  • 40% productivity loss post-phishing incident avg 2 weeks 2023 Gartner
  • Financial services phishing cost $6.5 billion 2023 per FFIEC
  • Legal fees from phishing breaches avg $1.2 million 2023 BakerHostetler
  • 22% of orgs paid ransom after phishing entry 2023 Sophos
  • Personal identity theft from phishing cost $15k avg victim 2023 FTC
  • Global BEC losses $43 billion cumulative since 2016 incl 2023 FBI
  • Phishing remediation costs $3.5 million avg large firm 2023 Deloitte
  • Stock drops 5-10% post major phishing breach 2023 Event study
  • 300,000 jobs lost due to phishing-related bankruptcies 2023 est World Bank
  • Notification costs post-phishing breach $250k avg 2023 Ponemon
  • 68% of phishing led to compliance fines avg $500k 2023 ComplianceWeek

Financial and Operational Impact Interpretation

With enough zeroes to make a Monopoly banker blush, phishing proves that a single deceitful click can cost a company millions, bankrupt a small business, and leave the rest of us wondering how a crime with a success rate of one in five personal victims remains so criminally under-prioritized.

Mitigation and Detection

  • 95% of phishing preventable with training per 2023 NIST
  • MFA blocked 99.9% phishing credential theft 2023 Microsoft
  • AI email filters caught 97% phishing 2023 Google Workspace
  • Simulated phishing training reduced clicks 50% 2023 KnowBe4
  • DMARC adoption cut phishing 80% in orgs 2023 Proofpoint
  • URL scanners detected 92% malicious links 2023 VirusTotal
  • Zero-trust model reduced phishing impact 70% 2023 Forrester
  • Behavioral analytics flagged 85% anomalies 2023 Darktrace
  • Employee reporting caught 40% missed by tech 2023 Proofpoint
  • Patch management prevented 60% exploits post-phish 2023 NIST
  • SIEM rules detected 88% BEC patterns 2023 Splunk
  • Browser extensions blocked 75% phish sites 2023 Avast
  • Incident response time under 1hr cut damage 90% 2023 IBM
  • Phishing simulations quarterly reduced risk 55% 2023 SANS
  • Email gateway filters 99% efficacy 2023 Mimecast
  • UEBA tools identified insider threats post-phish 82% 2023 Gartner
  • Hardware tokens for 2FA 100% effective vs SMS 2023 Duo Security
  • Content disarm rendered 98% safe 2023 Glasswall
  • Threat hunting found 65% latent phish campaigns 2023 Mandiant
  • Backup verification prevented ransomware post-phish 96% 2023 Veeam
  • API rate limiting stopped 70% automated phish 2023 Cloudflare
  • Gamified training boosted reporting 300% 2023 Immersive Labs
  • SOAR automation reduced MTTR to 15min 2023 G2

Mitigation and Detection Interpretation

While tech vendors boast impressive percentages about stopping phishing attacks, the real story is that your employees remain the crucial human firewall capable of catching the 40% of threats that even the best filters miss, proving that a blend of smart tech and sharper people creates the ultimate defense.

Prevalence and Trends

  • In 2023, phishing attacks accounted for 36% of all data breaches according to the Verizon Data Breach Investigations Report
  • Globally, there were over 300,000 unique phishing sites detected in Q4 2022 by APWG
  • Phishing emails comprised 54% of all malicious emails in 2023 per Proofpoint's State of the Phish report
  • The FBI's IC3 reported a 15% increase in phishing complaints from 2022 to 2023, totaling over 298,000 incidents
  • Google blocked 2.67 billion phishing emails daily on average in 2023
  • 83% of UK businesses experienced a phishing attack in the past year as per Get Safe Online 2023 survey
  • Phishing was the most common cybercrime vector with 1 in 99 emails being malicious in 2023 per Talos Intelligence
  • Over 5 billion phishing emails were sent daily worldwide in 2022 according to Kaspersky
  • 90% of successful cyberattacks start with a phishing email per 2023 Ponemon Institute study
  • EU reported 1.2 million phishing incidents in 2023 via ENISA Threat Landscape
  • 1 in 10 emails received by businesses were phishing attempts in 2023 per Mimecast
  • Phishing sites increased by 61% year-over-year to 1.5 million in 2023 per Zscaler's ThreatLabz
  • 79% of organizations faced phishing attacks weekly in 2023 IBM X-Force report
  • US phishing losses reached $52 million in 2023 per FBI IC3
  • 4.7 billion phishing emails blocked by Microsoft in Q1 2023 alone
  • 300,000 phishing domains registered monthly in 2023 per Unit 42
  • Spear-phishing rose 20% to 15% of all phishing in 2023 per KnowBe4
  • 65% of breaches involved phishing per 2023 Verizon DBIR update
  • APWG detected 5.3 million phishing attacks in 2022 peaking at 1 million in December
  • 92% of malware is delivered via phishing emails per 2023 Check Point report
  • Business email compromise via phishing caused $2.9 billion losses in 2023 FBI
  • 1 phishing email leads to breach every 11 minutes per 2023 Barracuda report
  • 76% rise in phishing during holiday seasons 2023 per Abnormal Security
  • Over 800,000 phishing reports to US CERT in 2023
  • Phishing emails up 58% in finance sector 2023 per F5 Labs
  • 40 million phishing emails analyzed by PhishLabs in 2023 showing 25% success rate
  • Global phishing volume hit 300 million attacks in H1 2023 per Group-IB
  • 85% of phishing used HTTPS in 2023 per APWG
  • 2.8 billion spam emails contained phishing lures in 2023 per Talos
  • Phishing responsible for 16% of all ransomware in 2023 per Sophos

Prevalence and Trends Interpretation

Despite the staggering scale of modern phishing—where billions of deceptive emails relentlessly hunt for the one hurried click that unlocks a data breach—it remains, at its core, a profoundly human problem masquerading as a technical one.

Victim Demographics

  • 84% of CISOs reported phishing as top risk in 2023 Gartner survey
  • Millennials clicked 30% more phishing links than Boomers 2023 Proofpoint
  • Finance sector targeted in 32% phishing attacks 2023 Verizon DBIR
  • Women 12% more likely to fall for phishing per 2023 study
  • SMEs under 100 employees hit 43% more than enterprises 2023 Barracuda
  • Healthcare workers reported 2x phishing incidents 2023 HIMSS
  • C-suite executives targeted in 88% spear-phishing 2023 IBM
  • Remote workers 3x more susceptible post-2020 2023 Gartner
  • Education sector saw 50% phishing click rate 2023 KnowBe4
  • Users over 65 lost 2.5x more money to phishing 2023 FTC
  • Government employees faced 40% attacks 2023 ENISA
  • IT staff fell for phishing 25% rate ironically 2023 SANS Institute
  • APAC region 45% of global phishing targets 2023 APWG
  • New hires clicked 4x more phishing 2023 Proofpoint
  • Retail employees targeted during holidays 60% spike 2023 NRF
  • Non-tech departments 70% victims vs IT 2023 Gartner
  • US victims 40% of global phishing reports 2023 IC3
  • Gen Z 22% phishing susceptibility highest 2023 Deloitte
  • Legal firms hit 35% more due to sensitive data 2023 ABA
  • Contractors 50% more targeted than full-time 2023 UpGuard
  • Europe 28% targets with UK leading 15% 2023 ENISA
  • HR departments 55% spear-phish rate 2023 SHRM
  • Students in higher ed 65% click rate 2023 EDUCAUSE
  • Manufacturing sector 25% attacks 2023 Dragos
  • Finance workers lost avg $8k per phishing 2023 ABA Banking

Victim Demographics Interpretation

If we collectively don't start treating phishing like the pandemic of paranoia it has become—where everyone from the skeptical CISO to the click-happy intern is a potential patient—then we're just subsidizing a global industry that preys on human trust.

Sources & References

Logos provided by Logo.dev