Key Takeaways
- In 2023, the FBI's Internet Crime Complaint Center (IC3) reported 298,878 phishing-related complaints, representing a 24% increase from 2022 and accounting for 36% of all cybercrime complaints.
- Globally, the Anti-Phishing Working Group (APWG) detected 5.4 million unique phishing attacks in Q4 2023, a 47% rise quarter-over-quarter.
- Verizon's 2024 Data Breach Investigations Report found phishing involved in 32% of social engineering incidents across 30,000+ security events.
- In the US, IC3 data for 2023 showed phishing victims lost $18.7 million to business email compromise (BEC), a subset of phishing.
- Globally, phishing scams caused $52.1 billion in losses in 2023 according to Statista's cybersecurity report.
- Verizon DBIR 2024 estimated average financial loss from phishing-related breaches at $4.76 million per incident.
- 36% of phishing victims were aged 30-39, per IC3 2023 demographics.
- Women comprised 53% of phishing victims reporting to IC3 in 2023.
- Proofpoint 2024 found 74% of finance sector employees targeted by phishing weekly.
- Email phishing remains dominant at 91% of attacks, per APWG Q4 2023.
- Spear-phishing grew 20% in 2023, targeting specific individuals, Verizon DBIR.
- Smishing (SMS phishing) attacks rose 328% in 2023, per Proofpoint.
- Phishing attacks increased 58% from 2022 to 2023, APWG annual trends.
- Mobile phishing surged 161% in 2023, targeting banking apps, Proofpoint.
- AI-generated phishing emails rose 400% in late 2023, Microsoft report.
Phishing scams are surging globally and causing massive financial losses.
Financial Losses
- In the US, IC3 data for 2023 showed phishing victims lost $18.7 million to business email compromise (BEC), a subset of phishing.
- Globally, phishing scams caused $52.1 billion in losses in 2023 according to Statista's cybersecurity report.
- Verizon DBIR 2024 estimated average financial loss from phishing-related breaches at $4.76 million per incident.
- Proofpoint reported median ransomware payment from phishing vectors at $1.54 million in 2023.
- IBM found the average cost of a phishing-initiated data breach at $4.88 million in 2023.
- APWG's 2023 report linked phishing to $12.5 billion in direct financial theft from credential harvesting.
- In 2022, UK Action Fraud recorded £14.5 million lost to phishing scams by 88,000 victims.
- Australian Cyber Security Centre (ACSC) reported AU$33.5 million lost to phishing in 2023.
- Chainalysis 2024 Crypto Crime Report attributed $1.7 billion in crypto thefts to phishing attacks.
- FBI IC3 2023 noted $2.9 billion total losses from investment scams initiated via phishing.
- Global losses from phishing hit $43 billion in 2022, Cybersecurity Ventures.
- Average BEC phishing loss: $120,000 per incident, FBI 2023.
- Phishing led to $5.6 billion in US losses 2023, IC3.
- Ponemon 2023: Phishing breach recovery costs $5.9 million avg.
- EU phishing losses €1.8 billion in 2023, Europol.
- India reported ₹1,750 crore ($210M) phishing losses 2023, CERT-In.
- Dark web credential sales from phishing: $1.5M daily, Recorded Future.
Financial Losses Interpretation
Global Prevalence
- In 2023, the FBI's Internet Crime Complaint Center (IC3) reported 298,878 phishing-related complaints, representing a 24% increase from 2022 and accounting for 36% of all cybercrime complaints.
- Globally, the Anti-Phishing Working Group (APWG) detected 5.4 million unique phishing attacks in Q4 2023, a 47% rise quarter-over-quarter.
- Verizon's 2024 Data Breach Investigations Report found phishing involved in 32% of social engineering incidents across 30,000+ security events.
- Proofpoint's 2024 State of the Phish report indicated 84% of organizations experienced at least one successful phishing attack in the past year.
- IBM's 2023 Cost of a Data Breach Report noted phishing as the initial attack vector in 16% of breaches, up from 11% in 2020.
- In 2022, APWG recorded over 1.2 million phishing sites targeting financial institutions worldwide.
- Microsoft's Digital Defense Report 2023 identified 300 million daily phishing emails blocked, with a 30% year-over-year increase.
- Google reported blocking 2.1 billion phishing emails daily in 2023, equating to over 766 billion annually.
- KnowBe4's 2023 Phishing by Industry Benchmarking Report showed an average of 1 in 10.4 emails as malicious across sectors.
- ENISA's 2023 Threat Landscape reported phishing in 78% of analyzed cyber incidents in Europe.
- In Q1 2024, APWG saw 1.7 million phishing reports, highest ever.
- IC3 2023: Smishing complaints up 107% to 35,000.
- Epsilon 2023: 1 in 99 emails is phishing globally.
- Barracuda 2024: 83% of UK orgs hit by phishing.
- Cisco 2023: 90% of attacks start with phishing email.
- Keeper Security 2023: 52% of users reuse passwords exposed via phishing.
Global Prevalence Interpretation
Phishing Techniques
- Email phishing remains dominant at 91% of attacks, per APWG Q4 2023.
- Spear-phishing grew 20% in 2023, targeting specific individuals, Verizon DBIR.
- Smishing (SMS phishing) attacks rose 328% in 2023, per Proofpoint.
- Vishing (voice phishing) involved in 22% of social engineering, Verizon 2024.
- BEC phishing used 98% legitimate domains via spoofing, FBI IC3 2023.
- QR code phishing (quishing) increased 50% in 2023, APWG.
- 40% of phishing sites used HTTPS to appear legitimate, Google 2023.
- Malware delivery via phishing attachments hit 83% success rate in tests, KnowBe4.
- Pharming (DNS poisoning) detected in 7% of advanced phishing, ENISA 2023.
- 61% of phishing used brand impersonation of Microsoft, Proofpoint 2024.
- 56% of phishing used malicious links, APWG Q4 2023.
- Attachment phishing down to 5% but credential harvesters up, Proofpoint.
- 75% of phishing emails bypass filters, Egress 2023.
- URL shortener abuse in 30% of phishing, APWG.
- Business Email Compromise used CEO fraud in 60% cases, FBI.
- Evilginx2 framework used in 25% advanced phishing, Positive Tech.
- Homoglyph attacks (lookalike domains) in 15%, ICANN 2023.
- MFA fatigue attacks via phishing up 50%, Proofpoint.
Phishing Techniques Interpretation
Trends and Evolution
- Phishing attacks increased 58% from 2022 to 2023, APWG annual trends.
- Mobile phishing surged 161% in 2023, targeting banking apps, Proofpoint.
- AI-generated phishing emails rose 400% in late 2023, Microsoft report.
- Ransomware phishing as entry point grew to 23% of cases, IBM 2023.
- Deepfake voice phishing (vishing) incidents tripled in 2023, FTC alerts.
- Crypto phishing sites doubled to 45,000 in 2023, Chainalysis.
- Zero-day phishing exploits used in 12% more attacks, Verizon DBIR 2024.
- Multi-channel phishing (email+SMS) up 75%, KnowBe4 2023.
- Phishing volume peaked at 7.5M/week in Oct 2023, APWG.
- Brand impersonation shifted to DHL (up 300%), APWG 2023.
- GenAI phishing content 1,265% increase Q4 2023, SlashNext.
- Supply chain phishing up 40%, Mandiant M-Trends 2024.
- Gaming platform phishing doubled to 20% of attacks, APWG.
- Hybrid work increased phishing success by 23%, Microsoft.
- E-commerce phishing sites lifetime avg 24 hours down from 32, APWG.
- Detection rates improved to 99.9% for email but SMS lags, Google.
Trends and Evolution Interpretation
Victim Profiles
- 36% of phishing victims were aged 30-39, per IC3 2023 demographics.
- Women comprised 53% of phishing victims reporting to IC3 in 2023.
- Proofpoint 2024 found 74% of finance sector employees targeted by phishing weekly.
- KnowBe4 reported healthcare workers phished at 2.5x the industry average rate.
- 22% of phishing victims were over 60 years old, according to AARP Fraud Watch 2023.
- Verizon DBIR 2024 showed executives (C-suite) 4x more likely to fall for phishing than general staff.
- In education sector, 91% of staff received phishing emails, per Proofpoint.
- IC3 2023 data: 41% of victims had bachelor's degree or higher education.
- Rural residents reported phishing victimization 15% higher than urban, per FTC 2023.
- Millennials (25-40) accounted for 45% of BEC phishing losses, FBI 2023.
- 65+ age group lost $3.4 billion to scams including phishing, FTC 2023.
- Finance pros clicked 1.5x more phishing links, Proofpoint.
- 68% of breaches involved privileged users via phishing, Verizon.
- Small businesses (under 100 emp) 43% victimization rate, SBA 2023.
- Gen Z phished at 28% rate vs 18% boomers, KnowBe4.
- IT staff fell for 15% of tests vs 5% avg, Proofpoint 2024.
- 55% of victims earned $50k-$100k annually, IC3 2023.
- Southeast Asia saw 42% of global phishing, APWG 2023.
Victim Profiles Interpretation
Sources & References
- Reference 1IC3ic3.govVisit source
- Reference 2DOCSdocs.apwg.orgVisit source
- Reference 3VERIZONverizon.comVisit source
- Reference 4PROOFPOINTproofpoint.comVisit source
- Reference 5IBMibm.comVisit source
- Reference 6APWGapwg.orgVisit source
- Reference 7MICROSOFTmicrosoft.comVisit source
- Reference 8BLOGblog.googleVisit source
- Reference 9KNOWBE4knowbe4.comVisit source
- Reference 10ENISAenisa.europa.euVisit source
- Reference 11STATISTAstatista.comVisit source
- Reference 12ACTIONFRAUDactionfraud.police.ukVisit source
- Reference 13CYBERcyber.gov.auVisit source
- Reference 14CHAINALYSISchainalysis.comVisit source
- Reference 15AARPaarp.orgVisit source
- Reference 16FTCftc.govVisit source
- Reference 17EPSILONepsilon.comVisit source
- Reference 18BARRACUDAbarracuda.comVisit source
- Reference 19CISCOcisco.comVisit source
- Reference 20KEEPERSECURITYkeepersecurityVisit source
- Reference 21CYBERSECURITYVENTUREScybersecurityventures.comVisit source
- Reference 22PONEMONponemon.orgVisit source
- Reference 23EUROPOLeuropol.europa.euVisit source
- Reference 24CERT-INcert-in.org.inVisit source
- Reference 25RECORDEDFUTURErecordedfuture.comVisit source






