- Google blocks around 100 million phishing emails every day.
- For Q1 2022, LinkedIn was the most imitated brand for phishing attempts globally. The top 5 most imitated brands in Q1 2022 were:
  - LinkedIn (52%)
  - DHL (14%)
  - Google (7%)
  - Microsoft (6%)
  - FedEx (6%)
- 45.56% of emails sent in 2021 were spam.
- June 2021 had the highest percentage of spam emails sent, at 48.03%.
- November 2021 had the lowest percentage of spam emails sent, at 43.7%.
- 24.77% of spam emails were sent from Russia. A further 14.12% of spam emails were sent from Germany. The top 5 origin countries for spam emails in 2021 were:
  - Russia (24.77%)
  - Germany (14.12%)
  - USA (10.46%)
  - China (8.73%)
  - Netherlands (4.75%)
- The most prevalent malware delivered through links in phishing emails in 2021 was Trojans from the ‘Agensla’ family. These steal login credentials stored in browsers and email clients.
- Phishing is considered the most disruptive form of cyber crime for UK businesses in 2022, tied with threat actors impersonating the organisation online.
- Millennials and Gen-Z internet users (18-40 year olds) are most likely to fall victim to phishing attacks – 23% compared to 19% of Generation X internet users (41-55 year olds).
- 90% of phishing attacks sent via messaging apps are sent through WhatsApp. The next highest percentage is Telegram, with 5.04%.
- Kaspersky detected 469 different ‘phishing kits’ in 2021. The cyber security vendor blocked 1.2 million phishing pages.
- In 2021, the average click rate for a phishing campaign was 17.8%. Phishing campaigns that were more targeted and added phone calls had an average click rate of 53.2% – 3 times more effective.
- A security scan of millions of emails found that of those that contained security threats:
  - 12% delivered malware
  - 6% were compromised business emails or CEO fraud
  - Of the credential phishing emails, 45% purported to be from Microsoft
  - A further 17% were finance-themed
  - 9.3% of the reported messages were malicious
  - Of this 9.3%, 38% just had a URL, while 36% had attachments
  - 100 unique malware families were discovered in the email scan
- Phishing was the top infection type at Asian organisations in 2021, with 43% of attacks on the continent. This is tied with vulnerability exploitation, and ahead of brute force attacks (7%) and the use of stolen credentials (7%).
- Phishing was also prevalent in European organisations through 2021, with 42% of attacks. This was just less than vulnerability exploitation (46%) and ahead of brute force attacks (12%).
- In North America, phishing was used in 47% of attacks against organisations in 2021, more than vulnerability exploitation (29%) and brute force (9%).
- In Latin America in 2021, phishing was also used in 47% of attacks against organisations, ahead of stolen credentials (29%) and vulnerability exploitation (18%).
- 40% of cyber attacks in 2021 against businesses in the manufacturing industry involved phishing.
- For businesses in the finance industry, this percentage rises to 46% – phishing was the most common infection vector for cyber attacks in finance.
- In the energy industry, 60% of attacks involved phishing.
- 20% of cyber attacks against professional and business services (including law firms, accountants and architects) involved phishing in 2021.
- Phishing was also the most common infection vector in the retail industry in 2021, with hackers using this method in 38% of attacks against businesses in this industry.
- In the UK, those aged 25-44 are considered the most likely to be targeted by phishing attempts.
- There has been a 57% increase in consumer and retail fraud from March 2020 to March 2022.
- In 2022, 4.8% of fraud in the UK was related to Coronavirus. Scams included fraudsters sending emails or texts informing targets they needed to book their next Covid jab – usually providing a link that would then tell them to enter their card details for an admin fee or to pay for the jab.
- In 2021 in the UK, there were a total of 8023 reports of social media hacking – a 23.5% increase from the previous year.
- The US IC3 department received reports from 24,299 victims of romance scams and confidence fraud in 2021. This amounted to more than $956 million lost.
  - The largest proportion of victims were those over 60 – 32% of the total.
  - 16% were aged between 50-59.
  - Just 2% were under 20.
- Sextortion was also a prevalent issue in 2021 in the US. Sextortion occurs when someone threatens to release sensitive photos, videos or information involving sexual acts if their demands are not met.
- The IC3 department received more than 18,000 complaints in 2021 relating to sextortion. Victim losses amounted to more than $13.6 million.
- In 2021, around $100 million was lost in Canada due to online fraud.
- The most common online scams in Canada involve romance, accounting for $42.2 million of money lost, and investments.
- 34% of Canadians received phishing emails in the first 6 months of the pandemic.
- In 2021, the rate of identity theft in Canada was 18.76 per 100,000 of the population. This was a decrease over the 10-year high of 2020 (19.4 per 100,000), but was still higher than 2010-2019, where the rate ranged from 2.37 (in 2010) to 12.58 (in 2019).
- 14% of victims of business email compromise attacks in the US recovered none of their financial losses.
- 35% of breaches in the US involved social engineering in 2021.
- In 2022, 48.63% of all emails globally were spam.
- However, over the course of 2022 the share of spam in global email traffic declined from 51.02% in Q1 to 46.16% in Q4.
- February saw the highest percentage of spam in email traffic in 2022 at 52.78%.
- December had the lowest percentage of spam sent, with 45.2% of emails considered spam.
- The US-based IC3 received 300,497 reports from victims of phishing in 2022.
- Business Email Compromise attacks cost US victims more than $2.7 billion in 2022.
- Between 2020 and 2021, cyber crime increased by 168% in the Asia-Pacific region, including phishing and zero-day attacks.
- Phishing incidents rose by 220% compared to annual averages at the height of the Covid-19 pandemic.
- Phishing is the most common form of attack against UK law firms – in 2016, 80% of surveyed law firms reported suffering phishing attempts.
- The amounts stolen through phishing in the first quarter of 2017 were up 300% compared to the previous year.
- An average of 1.4 million phishing sites are created every month.
- Younger workers are five times more likely to make mistakes that result in security issues.
- A third of workers rarely think about cyber security when at work.
- 43% of people have compromised their work’s cyber security while working.
- Between 2022 and 2023, 79% of UK businesses that suffered a cyber attack reported that the attack type was phishing.
- 31% identified others impersonating the organisation in emails or online as the attack vector.
- 83% of UK charities that suffered a cyber attack between 2022 and 2023 identified phishing as the attack type.
Notable Phishing Attacks
2015 FACC Whaling Attack
In late 2015 FACC, an aerospace company specialising in aircraft components and systems, lost $47 million after a successful ‘whaling’ attack. In this case, the hackers impersonated the CEO of FACC to get an employee to send money.
Cyber criminals posed as FACC CEO Walter Stephen, sending an email to another employee requesting the transfer of funds for an ‘acquisition project’. The phishing attack was successful as the hackers managed to replicate Stephen’s writing style, lending legitimacy to the message so the unsuspecting employee would comply.
The attack was made public in early 2016, when FACC admitted the monetary loss and announced the immediate departure of the CEO. The employee who transferred the funds was also fired, along with the CFO of the company.
FACC managed to block around 10.9 million euros ($11.2 million) from being transferred, but the majority of the funds were sent to the fraudsters. This contributed to FACC recording losses of 23.4 million euros ($24 million) for the 2015/16 financial year.
2014 Sony Pictures Phishing Attack
The infamous 2014 Sony cyber attack saw up to 100 terabytes of data leaked from the entertainment giant, as well as extensive damage to servers and operational capacity.
While malware was used to exfiltrate the data and wipe Sony’s servers, initial access was granted through phishing emails sent to Sony executives. These emails asked for account verification, linking them to malicious sites that, when they entered their details, sent the executives’ usernames and passwords to the hackers.
The hacking group, called ‘The Guardians of Peace’ or ‘Lazarus’, was then able to access and steal information relating to employees, data on then-unreleased films and private correspondence.
The hackers claimed to have stolen 100 terabytes of data, but this has never been verified – around 40 gigabytes appeared online after the attack. The attack caused major damage to Sony’s internal systems. In the first quarter of 2015, the company set aside $15 million to deal with ongoing issues relating to the attack. In total, the attack cost Sony an estimated $100 million to resolve.
2021 Colonial Pipeline attack
The 2021 Colonial Pipeline attack was a massive cyber attack that temporarily shut down gasoline distribution across the east coast of the USA. This prompted a state of emergency to be declared in 18 states to avoid crippling shortages.
While most of the damage was caused by a ransomware attack that locked systems, the hackers gained entry to the network through a compromised password. The hackers were likely able to get this password through phishing or social engineering.
According to Colonial Pipeline Chief Executive Joseph Blount, the legacy account linked to this password did not have multifactor authentication enabled, meaning there was no second step to verify that the person entering the password was authorised.
As such, Colonial Pipeline was forced to pay around $4.4 million to the hackers to regain control of their systems.
Source: AAG Business IT Support