![Phishing Facts](https://increditools.com/wp-content/uploads/2023/05/Phishing-1038.jpg)

Top 10 Phishing Facts for 2025
Posts by Kelly Indah, May 13, 2024
Phishing is possibly the most dangerous threat to personal and business data in the world.
If you’re not convinced, take a look at the following top 10 phishing facts. You’ll be amazed and terrified.
You should also note, phishing is a favored approach by cybercriminals for three reasons:
1. It’s Easy To Do
You don’t need to be a master criminal to start phishing.
There are plenty of tools available which will help you create a viable and genuine-looking phishing email.
That means virtually anyone can do it, even if you are new to being a cybercriminal.
2. Low Cost
Phishing costs very little. There may be a small charge to purchase a package that helps with page creation.
Of course, this software only needs to be bought once, allowing multiple phishing attacks to be launched.
3. Phishing Works
The bottom line is simple: when you launch a phishing attack you can target hundreds or thousands of people at the same time. Some will fall for the scam.
In short, it works.
What Is Phishing?
Phishing involves creating an email which can be sent to multiple people.
The email will appear to be from an official source, such as your bank.
In most cases the email will alert you to an issue with your account and ask that you sign in to verify everything is okay.
It appears genuine, encouraging you to click on the provided link and log into your account.
Unfortunately, the provided link takes you to a webpage that looks like the real thing.
Instead of you logging into your account, you are providing the cybercriminal with your login details.
You probably won’t realize straight away as it will simply refuse to log you into your account.
The cybercriminals then have your information and can log into your accounts and access personal and business data.
That allows the cybercriminal to steal your money or take the data for future use, such as to blackmail you.
There are many versions of phishing but they all encourage the same response: for you to give your personal details to the hacker.
Key Facts
- Phishing emails are responsible for 9 out of 10 cyberattacks
- 75% of US companies have lost data after a phishing attack
- 35% of ransomware attacks arrive via email
- There was a 74% increase in phishing attacks in 2022
- 14% of businesses failed to recover financial losses after a phishing attack
- 1 in 3 employees will click a phishing link
- 47% of employees are too distracted to see phishing emails
- 76% of phishing emails are targeted
- Smaller organizations are more likely to be attacked
- 67% of phishing attacks have blank subject lines
Top 10 Phishing Facts in 2025
1. Phishing Emails Are Responsible For 9 Out Of 10 Cyberattacks
Google’s research into the origin of cyberattacks concluded that 9 out of 10 cyberattacks start with phishing.
The sheer ease with which phishing emails can be created means they can be sent to large numbers of people.
The law of averages helps to ensure that the greater the number of people contacted the higher the probability of success.
In other words, send a million phishing emails and you’ll get several thousand responses.
This approach gives a cyberattacker everything they need to launch an attack on your systems and steal data.
That is why 9 out of 10 cyberattacks start with a phishing email.
(Google)
2. 75% Of US Companies Have Lost Data After A Phishing Attack
It’s truly amazing to discover that 75% of US businesses have been the subject of a phishing attack and lost data.
These are just the reported cases. Many businesses and individuals are too embarrassed or worried about their reputation to admit having been a victim.
The truth is, almost every business has someone that will click a link without thinking, inadvertently opening the business to cyber attackers.
The high success rate is why businesses are targeted.
(APWG)
3. 35% Of Ransomware Attacks Arrive Via Email
Ransomware is a serious concern for any business.
A single attack can cost you thousands, and failing to pay may result in the loss of all data, which will lead to serious reputational damage.
For a ransomware attack to be successful the software needs to be downloaded into your system.
This is the most difficult part, yet in 35% of cases attackers achieve the desired result by simply sending a phishing email.
Anyone who clicks on the link will introduce the virus into the system and give you a headache.
(Verizon Data Breach Report)
4. There Was A 74% Increase In Phishing Attacks in 2022
Phishing is simple, effective, and there has been an increase in the availability of phishing kits.
Combine those factors and it’s not surprising that there has been a massive increase in phishing attacks.
The 74% increase is simply a reflection of the fact this approach works.
(Verizon Data Breach Report)
5. 14% Of Businesses Failed To Recover Financial Losses After A Phishing Attack
Businesses lose anything between $250 and $1 million thanks to a single phishing attack.
It’s little wonder that so many attacks are launched.
As a business owner you should be particularly concerned as 14% of businesses are unable to recover their financial losses.
This could be due to a lack of insurance, failure to follow procedures, or simply not claiming.
While a financial loss can be absorbed by the business, it depends on the size of the loss.
In some cases it causes the closure of the business.
(Verizon Data Breach Report)
6. 1 In 3 Employees Will Click A Phishing Link
A recent survey showed that one in three employees will click a phishing link without realizing they are being scammed.
Worryingly, one in eight employees will not realize after opening the link and will provide the information the attacker wants.
It’s worth noting the survey sent over 400,00 fake phishing emails and nearly half the people targeted opened the email.
Clearly businesses have a long way to go when it comes to educating employees about phishing.
(Keepnet Labs)
7. 47% Of Employees Are Too Distracted To See Phishing Emails
Terranova Security releases a phishing test annually in conjunction with Microsoft.
The most recent test revealed that 47% of employees don’t even recognize phishing emails for what they are because there are too many other distractions in their working day.
An impressive 41% of people click on phishing links because they are too tired to spot the difference.
It appears tiredness is a bigger issue in the US than in Europe.
(Terranova Security Annual Phishing Report)
8. 76% Of Phishing Emails Are Targeted
Phishing is the biggest data breach threat and has been for the last three years.
What may surprise you is that a recent survey showed that 76% of phishing emails are targeted.
This is a change as phishing emails were normally sent randomly, relying on bulk to create opportunities.
The latest report shows social engineering is increasingly being used to help define the best phishing targets.
It creates a more personal approach, increasing the chance of the phishing attempt being successful.
(Verizon)
9. Smaller Organizations Are More Likely To Be Attacked
You may assume that larger organizations are hacked more because they have greater amounts of data and, with more employees, there is a higher chance of finding a weak link.
However, statistics show that smaller organizations are increasingly being targeted.
They generally have less security, making them easier targets.
They also are less likely to file complaints and follow through with locating the cybercriminals.
(Verizon)
10. 67% Of Phishing Attacks Have Blank Subject Lines
Despite advancements in technology and phishing programs, many cybercriminals send out multiple phishing emails and leave the subject line blank.
This is to encourage people to open the email.
Fake subject lines are often picked up by spam detectors and prevented from reaching the destination.
Removing the subject line helps to ensure the email makes it to the intended target.
As many as 67% of phishing emails have nothing in the subject line!
(Atlas VPN)
How To Detect And Avoid Phishing Attacks
Once you realize how serious and large an issue phishing is you’ll want to do something about it.
The good news is there are several things you can do to help prevent you or your business from becoming a victim.
Training
The first step is to train your staff. Make sure they are aware of what a phishing email is and why it is important not to click on the link.
All staff should be trained to check the sender and subject line before opening an email.
If they don’t recognize the sender or subject line, have concerns about them, or find either one missing, then the email should be checked by the IT department.
If you don’t have an IT department then open the email carefully and do not click on any links or provide any business or personal information.
Don’t forget, most phishing emails will present you with one of the following scenarios:
- Tell you there is suspicious activity on your account
- Advise you regarding a problem with your payment information
- Ask for you to confirm a personal detail
- Chase payment for an invoice which you probably don’t recognise
- Include a link in the email that they want you to click on
- Tell you that you’re getting a refund, you just need to register for it
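The checks described above (sender, subject line, the listed scenarios, and links) can be automated as a first-pass filter before a message reaches the IT department. The following is an added example, not part of the original article; the trigger phrases, the known-sender list, the sample message and all domains are constructed, and it assumes a single-part message body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed trigger phrases for the scenarios listed above (assumption).
SCENARIOS = ("suspicious activity", "payment information", "confirm your",
             "invoice", "refund")
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a": self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None: self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # hostname of a URL or bare domain, without a leading "www."
    name = urlparse(value if "://" in value else "//" + value).hostname or ""
    return name.removeprefix("www.")

def triage(raw, known_senders):  # returns reasons to pass the message to IT
    msg, reasons = message_from_string(raw), []
    body = msg.get_payload()
    if parseaddr(msg.get("From", ""))[1].lower() not in known_senders:
        reasons.append("unrecognized sender")
    if not (msg.get("Subject") or "").strip():
        reasons.append("blank subject")
    reasons += [f"scenario: {p}" for p in SCENARIOS if p in body.lower()]
    parser = Links()
    parser.feed(body)
    for href, text in parser.found:
        reasons.append(f"link to {host(href)}")
        if URLISH.match(text) and host(text) != host(href):
            reasons.append(f"link text shows {host(text)}")
    return reasons

# Constructed sample (no Subject header, link text differs from its target).
SAMPLE = """From: "Example Bank" <alerts@examplebank-secure.example>

<p>We noticed suspicious activity on your account.</p>
<a href="http://login.examplebank-secure.example/verify">www.examplebank.example</a>
"""
```

Calling `triage(SAMPLE, {"billing@supplier.example"})` returns the reasons for review; an empty list means none of these indicators was found, not that the message is safe.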
Don’t Click On Links
This is the simplest thing to remember and the most important.
Phishing emails have links. They are designed so that you click on them and then input your login details.
You’ll assume you are logging into your account when you are actually giving your personal information away.
The bottom line is simple: never click on the links. If you need to verify an account detail, open your browser and log in manually.
This will prevent any cybercriminal from getting information from you.
Use Security Software
You should have antivirus and anti-malware software on your computer. Having it isn’t enough; you also need to make sure it is updated regularly.
The best idea is to set all your software to update automatically. It won’t protect you from phishing by itself but it will help detect phishing attempts and warn you.
Back Up
Backing up won’t prevent a phishing attack. However, it does mean you won’t lose all your data because your device has been hacked or you have become the victim of a ransomware attack via phishing.
The more regularly you back up your data the easier it will be to restore your system without losing anything after an attack.
Summing Up
The top 10 phishing facts highlight one big issue. Phishing is a growing issue and can cause a serious amount of damage to any business.
Take a moment to read and re-read the statistics. Then, encourage everyone you know to do the same.
The greater the number of people educated regarding this issue the less likely it is that you’ll have to deal with data loss via phishing.
That leaves you free to focus on growing your business.
Don’t forget, if you click on a link and believe it might be a phishing link then update your security software and run it to find any malware or other issues.
If you’ve given out information, contact the relevant financial institution straightaway to minimize any damage or financial loss.