GITNUXREPORT 2026

Phishing Scams Statistics

Phishing scams are surging globally and causing massive financial losses.

Sarah Mitchell

Senior Researcher specializing in consumer behavior and market trends.

First published: Feb 13, 2026

Our Commitment to Accuracy

Rigorous fact-checking · Reputable sources · Regular updatesLearn more

Statistic 1

In the US, IC3 data for 2023 showed phishing victims lost $18.7 million to business email compromise (BEC), a subset of phishing.

Statistic 2

Globally, phishing scams caused $52.1 billion in losses in 2023 according to Statista's cybersecurity report.

Statistic 3

Verizon DBIR 2024 estimated average financial loss from phishing-related breaches at $4.76 million per incident.

Statistic 4

Proofpoint reported median ransomware payment from phishing vectors at $1.54 million in 2023.

Statistic 5

IBM found the average cost of a phishing-initiated data breach at $4.88 million in 2023.

Statistic 6

APWG's 2023 report linked phishing to $12.5 billion in direct financial theft from credential harvesting.

Statistic 7

In 2022, UK Action Fraud recorded £14.5 million lost to phishing scams by 88,000 victims.

Statistic 8

Australian Cyber Security Centre (ACSC) reported AU$33.5 million lost to phishing in 2023.

Statistic 9

Chainalysis 2024 Crypto Crime Report attributed $1.7 billion in crypto thefts to phishing attacks.

Statistic 10

FBI IC3 2023 noted $2.9 billion total losses from investment scams initiated via phishing.

Statistic 11

Global losses from phishing hit $43 billion in 2022, Cybersecurity Ventures.

Statistic 12

Average BEC phishing loss: $120,000 per incident, FBI 2023.

Statistic 13

Phishing led to $5.6 billion in US losses 2023, IC3.

Statistic 14

Ponemon 2023: Phishing breach recovery costs $5.9 million avg.

Statistic 15

EU phishing losses €1.8 billion in 2023, Europol.

Statistic 16

India reported ₹1,750 crore ($210M) phishing losses 2023, CERT-In.

Statistic 17

Dark web credential sales from phishing: $1.5M daily, Recorded Future.

Statistic 18

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported 298,878 phishing-related complaints, representing a 24% increase from 2022 and accounting for 36% of all cybercrime complaints.

Statistic 19

Globally, the Anti-Phishing Working Group (APWG) detected 5.4 million unique phishing attacks in Q4 2023, a 47% rise quarter-over-quarter.

Statistic 20

Verizon's 2024 Data Breach Investigations Report found phishing involved in 32% of social engineering incidents across 30,000+ security events.

Statistic 21

Proofpoint's 2024 State of the Phish report indicated 84% of organizations experienced at least one successful phishing attack in the past year.

Statistic 22

IBM's 2023 Cost of a Data Breach Report noted phishing as the initial attack vector in 16% of breaches, up from 11% in 2020.

Statistic 23

In 2022, APWG recorded over 1.2 million phishing sites targeting financial institutions worldwide.

Statistic 24

Microsoft's Digital Defense Report 2023 identified 300 million daily phishing emails blocked, with a 30% year-over-year increase.

Statistic 25

Google reported blocking 2.1 billion phishing emails daily in 2023, equating to over 766 billion annually.

Statistic 26

KnowBe4's 2023 Phishing by Industry Benchmarking Report showed an average of 1 in 10.4 emails as malicious across sectors.

Statistic 27

ENISA's 2023 Threat Landscape reported phishing in 78% of analyzed cyber incidents in Europe.

Statistic 28

In Q1 2024, APWG saw 1.7 million phishing reports, highest ever.

Statistic 29

IC3 2023: Smishing complaints up 107% to 35,000.

Statistic 30

Epsilon 2023: 1 in 99 emails is phishing globally.

Statistic 31

Barracuda 2024: 83% of UK orgs hit by phishing.

Statistic 32

Cisco 2023: 90% of attacks start with phishing email.

Statistic 33

Keeper Security 2023: 52% of users reuse passwords exposed via phishing.

Statistic 34

Email phishing remains dominant at 91% of attacks, per APWG Q4 2023.

Statistic 35

Spear-phishing grew 20% in 2023, targeting specific individuals, Verizon DBIR.

Statistic 36

Smishing (SMS phishing) attacks rose 328% in 2023, per Proofpoint.

Statistic 37

Vishing (voice phishing) involved in 22% of social engineering, Verizon 2024.

Statistic 38

BEC phishing used 98% legitimate domains via spoofing, FBI IC3 2023.

Statistic 39

QR code phishing (quishing) increased 50% in 2023, APWG.

Statistic 40

40% of phishing sites used HTTPS to appear legitimate, Google 2023.

Statistic 41

Malware delivery via phishing attachments hit 83% success rate in tests, KnowBe4.

Statistic 42

Pharming (DNS poisoning) detected in 7% of advanced phishing, ENISA 2023.

Statistic 43

61% of phishing used brand impersonation of Microsoft, Proofpoint 2024.

Statistic 44

56% of phishing used malicious links, APWG Q4 2023.

Statistic 45

Attachment phishing down to 5% but credential harvesters up, Proofpoint.

Statistic 46

75% of phishing emails bypass filters, Egress 2023.

Statistic 47

URL shortener abuse in 30% of phishing, APWG.

Statistic 48

Business Email Compromise used CEO fraud in 60% cases, FBI.

Statistic 49

Evilginx2 framework used in 25% advanced phishing, Positive Tech.

Statistic 50

Homoglyph attacks (lookalike domains) in 15%, ICANN 2023.

Statistic 51

MFA fatigue attacks via phishing up 50%, Proofpoint.

Statistic 52

Phishing attacks increased 58% from 2022 to 2023, APWG annual trends.

Statistic 53

Mobile phishing surged 161% in 2023, targeting banking apps, Proofpoint.

Statistic 54

AI-generated phishing emails rose 400% in late 2023, Microsoft report.

Statistic 55

Ransomware phishing as entry point grew to 23% of cases, IBM 2023.

Statistic 56

Deepfake voice phishing (vishing) incidents tripled in 2023, FTC alerts.

Statistic 57

Crypto phishing sites doubled to 45,000 in 2023, Chainalysis.

Statistic 58

Zero-day phishing exploits used in 12% more attacks, Verizon DBIR 2024.

Statistic 59

Multi-channel phishing (email+SMS) up 75%, KnowBe4 2023.

Statistic 60

Phishing volume peaked at 7.5M/week in Oct 2023, APWG.

Statistic 61

Brand impersonation shifted to DHL (up 300%), APWG 2023.

Statistic 62

GenAI phishing content 1,265% increase Q4 2023, SlashNext.

Statistic 63

Supply chain phishing up 40%, Mandiant M-Trends 2024.

Statistic 64

Gaming platform phishing doubled to 20% of attacks, APWG.

Statistic 65

Hybrid work increased phishing success by 23%, Microsoft.

Statistic 66

E-commerce phishing sites lifetime avg 24 hours down from 32, APWG.

Statistic 67

Detection rates improved to 99.9% for email but SMS lags, Google.

Statistic 68

36% of phishing victims were aged 30-39, per IC3 2023 demographics.

Statistic 69

Women comprised 53% of phishing victims reporting to IC3 in 2023.

Statistic 70

Proofpoint 2024 found 74% of finance sector employees targeted by phishing weekly.

Statistic 71

KnowBe4 reported healthcare workers phished at 2.5x the industry average rate.

Statistic 72

22% of phishing victims were over 60 years old, according to AARP Fraud Watch 2023.

Statistic 73

Verizon DBIR 2024 showed executives (C-suite) 4x more likely to fall for phishing than general staff.

Statistic 74

In education sector, 91% of staff received phishing emails, per Proofpoint.

Statistic 75

IC3 2023 data: 41% of victims had bachelor's degree or higher education.

Statistic 76

Rural residents reported phishing victimization 15% higher than urban, per FTC 2023.

Statistic 77

Millennials (25-40) accounted for 45% of BEC phishing losses, FBI 2023.

Statistic 78

65+ age group lost $3.4 billion to scams including phishing, FTC 2023.

Statistic 79

Finance pros clicked 1.5x more phishing links, Proofpoint.

Statistic 80

68% of breaches involved privileged users via phishing, Verizon.

Statistic 81

Small businesses (under 100 emp) 43% victimization rate, SBA 2023.

Statistic 82

Gen Z phished at 28% rate vs 18% boomers, KnowBe4.

Statistic 83

IT staff fell for 15% of tests vs 5% avg, Proofpoint 2024.

Statistic 84

55% of victims earned $50k-$100k annually, IC3 2023.

Statistic 85

Southeast Asia saw 42% of global phishing, APWG 2023.

1/85

Sources

Trusted by 500+ publications

+497

While over 766 billion phishing emails were blocked last year alone, a staggering 84% of organizations still fell victim to these increasingly sophisticated scams, costing billions and proving that no one is truly safe from the hook.

Key Takeaways

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported 298,878 phishing-related complaints, representing a 24% increase from 2022 and accounting for 36% of all cybercrime complaints.
Globally, the Anti-Phishing Working Group (APWG) detected 5.4 million unique phishing attacks in Q4 2023, a 47% rise quarter-over-quarter.
Verizon's 2024 Data Breach Investigations Report found phishing involved in 32% of social engineering incidents across 30,000+ security events.
In the US, IC3 data for 2023 showed phishing victims lost $18.7 million to business email compromise (BEC), a subset of phishing.
Globally, phishing scams caused $52.1 billion in losses in 2023 according to Statista's cybersecurity report.
Verizon DBIR 2024 estimated average financial loss from phishing-related breaches at $4.76 million per incident.
36% of phishing victims were aged 30-39, per IC3 2023 demographics.
Women comprised 53% of phishing victims reporting to IC3 in 2023.
Proofpoint 2024 found 74% of finance sector employees targeted by phishing weekly.
Email phishing remains dominant at 91% of attacks, per APWG Q4 2023.
Spear-phishing grew 20% in 2023, targeting specific individuals, Verizon DBIR.
Smishing (SMS phishing) attacks rose 328% in 2023, per Proofpoint.
Phishing attacks increased 58% from 2022 to 2023, APWG annual trends.
Mobile phishing surged 161% in 2023, targeting banking apps, Proofpoint.
AI-generated phishing emails rose 400% in late 2023, Microsoft report.

Phishing scams are surging globally and causing massive financial losses.

Financial Losses

In the US, IC3 data for 2023 showed phishing victims lost $18.7 million to business email compromise (BEC), a subset of phishing.
Globally, phishing scams caused $52.1 billion in losses in 2023 according to Statista's cybersecurity report.
Verizon DBIR 2024 estimated average financial loss from phishing-related breaches at $4.76 million per incident.
Proofpoint reported median ransomware payment from phishing vectors at $1.54 million in 2023.
IBM found the average cost of a phishing-initiated data breach at $4.88 million in 2023.
APWG's 2023 report linked phishing to $12.5 billion in direct financial theft from credential harvesting.
In 2022, UK Action Fraud recorded £14.5 million lost to phishing scams by 88,000 victims.
Australian Cyber Security Centre (ACSC) reported AU$33.5 million lost to phishing in 2023.
Chainalysis 2024 Crypto Crime Report attributed $1.7 billion in crypto thefts to phishing attacks.
FBI IC3 2023 noted $2.9 billion total losses from investment scams initiated via phishing.
Global losses from phishing hit $43 billion in 2022, Cybersecurity Ventures.
Average BEC phishing loss: $120,000 per incident, FBI 2023.
Phishing led to $5.6 billion in US losses 2023, IC3.
Ponemon 2023: Phishing breach recovery costs $5.9 million avg.
EU phishing losses €1.8 billion in 2023, Europol.
India reported ₹1,750 crore ($210M) phishing losses 2023, CERT-In.
Dark web credential sales from phishing: $1.5M daily, Recorded Future.

Financial Losses Interpretation

While the collective digital vigilance of humanity is impressive, these numbers prove it's currently no match for the staggering, multi-billion dollar grift of a well-crafted email.

Global Prevalence

In 2023, the FBI's Internet Crime Complaint Center (IC3) reported 298,878 phishing-related complaints, representing a 24% increase from 2022 and accounting for 36% of all cybercrime complaints.
Globally, the Anti-Phishing Working Group (APWG) detected 5.4 million unique phishing attacks in Q4 2023, a 47% rise quarter-over-quarter.
Verizon's 2024 Data Breach Investigations Report found phishing involved in 32% of social engineering incidents across 30,000+ security events.
Proofpoint's 2024 State of the Phish report indicated 84% of organizations experienced at least one successful phishing attack in the past year.
IBM's 2023 Cost of a Data Breach Report noted phishing as the initial attack vector in 16% of breaches, up from 11% in 2020.
In 2022, APWG recorded over 1.2 million phishing sites targeting financial institutions worldwide.
Microsoft's Digital Defense Report 2023 identified 300 million daily phishing emails blocked, with a 30% year-over-year increase.
Google reported blocking 2.1 billion phishing emails daily in 2023, equating to over 766 billion annually.
KnowBe4's 2023 Phishing by Industry Benchmarking Report showed an average of 1 in 10.4 emails as malicious across sectors.
ENISA's 2023 Threat Landscape reported phishing in 78% of analyzed cyber incidents in Europe.
In Q1 2024, APWG saw 1.7 million phishing reports, highest ever.
IC3 2023: Smishing complaints up 107% to 35,000.
Epsilon 2023: 1 in 99 emails is phishing globally.
Barracuda 2024: 83% of UK orgs hit by phishing.
Cisco 2023: 90% of attacks start with phishing email.
Keeper Security 2023: 52% of users reuse passwords exposed via phishing.

Global Prevalence Interpretation

This avalanche of data paints a stark and unavoidable truth: phishing is no longer a nuisance but a global pandemic, with an army of billions of deceptive emails relentlessly battering our collective digital door, and humanity's habit of clicking first and thinking later is proving to be its own worst enemy.

Phishing Techniques

Email phishing remains dominant at 91% of attacks, per APWG Q4 2023.
Spear-phishing grew 20% in 2023, targeting specific individuals, Verizon DBIR.
Smishing (SMS phishing) attacks rose 328% in 2023, per Proofpoint.
Vishing (voice phishing) involved in 22% of social engineering, Verizon 2024.
BEC phishing used 98% legitimate domains via spoofing, FBI IC3 2023.
QR code phishing (quishing) increased 50% in 2023, APWG.
40% of phishing sites used HTTPS to appear legitimate, Google 2023.
Malware delivery via phishing attachments hit 83% success rate in tests, KnowBe4.
Pharming (DNS poisoning) detected in 7% of advanced phishing, ENISA 2023.
61% of phishing used brand impersonation of Microsoft, Proofpoint 2024.
56% of phishing used malicious links, APWG Q4 2023.
Attachment phishing down to 5% but credential harvesters up, Proofpoint.
75% of phishing emails bypass filters, Egress 2023.
URL shortener abuse in 30% of phishing, APWG.
Business Email Compromise used CEO fraud in 60% cases, FBI.
Evilginx2 framework used in 25% advanced phishing, Positive Tech.
Homoglyph attacks (lookalike domains) in 15%, ICANN 2023.
MFA fatigue attacks via phishing up 50%, Proofpoint.

Phishing Techniques Interpretation

It appears the digital con artists have taken a "more is more" approach, as the once-simple deceptive email has now metastasized into a multi-channel symphony of scams where your text messages, phone calls, and even QR codes are all vying to be the most creative way to relieve you of your login credentials.

Trends and Evolution

Phishing attacks increased 58% from 2022 to 2023, APWG annual trends.
Mobile phishing surged 161% in 2023, targeting banking apps, Proofpoint.
AI-generated phishing emails rose 400% in late 2023, Microsoft report.
Ransomware phishing as entry point grew to 23% of cases, IBM 2023.
Deepfake voice phishing (vishing) incidents tripled in 2023, FTC alerts.
Crypto phishing sites doubled to 45,000 in 2023, Chainalysis.
Zero-day phishing exploits used in 12% more attacks, Verizon DBIR 2024.
Multi-channel phishing (email+SMS) up 75%, KnowBe4 2023.
Phishing volume peaked at 7.5M/week in Oct 2023, APWG.
Brand impersonation shifted to DHL (up 300%), APWG 2023.
GenAI phishing content 1,265% increase Q4 2023, SlashNext.
Supply chain phishing up 40%, Mandiant M-Trends 2024.
Gaming platform phishing doubled to 20% of attacks, APWG.
Hybrid work increased phishing success by 23%, Microsoft.
E-commerce phishing sites lifetime avg 24 hours down from 32, APWG.
Detection rates improved to 99.9% for email but SMS lags, Google.

Trends and Evolution Interpretation

The threat landscape has dramatically evolved from crude mass emails to a sophisticated, AI-powered, and alarmingly effective multi-channel blitz, proving that the only thing growing faster than our detection rates is the criminals' ingenuity in exploiting our digital habits.

Victim Profiles

36% of phishing victims were aged 30-39, per IC3 2023 demographics.
Women comprised 53% of phishing victims reporting to IC3 in 2023.
Proofpoint 2024 found 74% of finance sector employees targeted by phishing weekly.
KnowBe4 reported healthcare workers phished at 2.5x the industry average rate.
22% of phishing victims were over 60 years old, according to AARP Fraud Watch 2023.
Verizon DBIR 2024 showed executives (C-suite) 4x more likely to fall for phishing than general staff.
In education sector, 91% of staff received phishing emails, per Proofpoint.
IC3 2023 data: 41% of victims had bachelor's degree or higher education.
Rural residents reported phishing victimization 15% higher than urban, per FTC 2023.
Millennials (25-40) accounted for 45% of BEC phishing losses, FBI 2023.
65+ age group lost $3.4 billion to scams including phishing, FTC 2023.
Finance pros clicked 1.5x more phishing links, Proofpoint.
68% of breaches involved privileged users via phishing, Verizon.
Small businesses (under 100 emp) 43% victimization rate, SBA 2023.
Gen Z phished at 28% rate vs 18% boomers, KnowBe4.
IT staff fell for 15% of tests vs 5% avg, Proofpoint 2024.
55% of victims earned $50k-$100k annually, IC3 2023.
Southeast Asia saw 42% of global phishing, APWG 2023.

Victim Profiles Interpretation

Scammers clearly operate a sophisticated and disturbingly effective “something for everyone” phishing strategy, expertly tailored to exploit the specific pressures and vulnerabilities of every age, income bracket, job role, and geography.

Sources & References

Logos provided by Logo.dev