Please fill in the form below to subscribe to our blog

10 Alarming Statistics About Phishing

June 15, 2020

These 10 Alarming Statistics About Phishing Can Arm You to Fight Back Against Today’s Biggest Threat.


Phishing is today’s biggest threat. The gateway to most of the worst cybercrime that IT teams have to face, this deceptively simple tool can unleash apocalyptic disasters for organizations. Many of the most epic data breaches, ransomware attacks and hacking operations started with a phishing email, like the Colonial Pipeline ransomware disaster, started with phishing. Google had registered 2,145,013 phishing sites as of Jan 17, 2021. This is up from 1,690,000 on Jan 19, 2020 (up 27% over 12 months). As these alarming statistics about phishing indicate, it’s a major menace that endangers security at every business every day.


ransomware defense can be complicated by cryptocurrency risk

See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>


10 Phishing Facts You Need To Know



Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>


How High is Your Phishing Risk?


While every business is at risk of a phishing attack every day, some industries are a little more vulnerable than others. A 2020 user behavior study shows that employees in these sectors are the most likely to interact with a phishing email. 

The Top 5 Sectors in Which Employees Interact with Phishing Messages  

  1. Consulting 
  2. Apparel and accessories 
  3. Education 
  4. Technology 
  5. Conglomerates/Multi-Nationals 

Some departments are significantly more likely to receive a barrage of sophisticated phishing messages. One major threat to watch is phishing targeted at IT departments.  Surprisingly, 75% of the businesses polled in a survey reported in Tech Republic indicated that phishing attempts were most likely to target their IT staff – and 40% of those IT staffers fell for the bait. 


Drill down to the bottom line to see why security & compliance awareness training is a smart investment. GET IT>>


Departments Most Likely to be Targeted by Phishing   

  1. IT = 74%   
  2. Sales =35%   
  3. Executives = 27%   
  4. Marketing = 25%   
  5. Customer Support = 21%

Learn more about which industries see the most phishing: Which Industries Saw the Most Phishing Last Year? These 5


Who Falls for Phishing


A recent experiment by Canadian security researchers exposed the sad truth: an estimated 25% of Noth American workers tested were fooled by phishing emails, leading to some dangerous consequences. 

  • 67% of clickers (13.4% of overall users) submitted their login credentials, up substantially from 2019 when just 2% submitted their credentials 
  • The Public Sector and Transportation workers struggled the most, posting a click rate of 28.4% 
  • The Education, Finance and Insurance sectors performed considerably better than others, with click rates of 11.3% and 14.2% (tied) 
  • Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate 
  • About 7 out of every 10 clickers willingly compromised their login data 
  • Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively. 

Learn more about how to assess your phishing risk: What is Your Phishing Risk?


Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>


What is the Difference Between Phishing and Spear Phishing? 


Phishing risk is steadily rising, but the terminology used in articles about it can become confusing because many types of attacks share similar characteristics. Such is the case with phishing and spear phishing  When studying what makes each attack unique, it’s easy to see the fundamental differences in phishing vs spear phishing.  

  • In a phishing attack, cybercriminals are using appealing or frightening lures to snag users. Sometimes, cybercriminals make it easy on themselves by spoofing communications from US government agencies. Recently, bad actors have increasingly focused their sights on lynchpins of industry like city governments, MSPs and other critical targets, Cybercriminals have also been busy unleashing large-scale phishing attacks by masquerading as a famous, trustworthy brand like Microsoft.  
  • In a spear phishing attack, the same cybercriminals will scour dark web markets and data dumps to find and the perfect piece of information to entice users to click.  Practitioners of these attacks use social engineering combined with detailed information about the target to create an irresistible lure. Many of today’s biggest threats and worst cybersecurity disasters started with a successful spear phishing email.   

Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>


Blow Phishing Threats Out of the Water With BullPhish ID


What’s the best way to avoid catastrophe from a phishing attack? Never let it get started. By ensuring that staffers are savvy to the phishing threats that they might face, you’ll reduce your chance of experiencing a cybersecurity disaster by up to 70%. BullPhish ID is the ideal solution to use for regular security and compliance awareness training.

With BullPhish ID you can: 

  • Gain access to a large library of training videos to educate employees on how to avoid cyber threats like phishing and ransomware. 
  • Simplify compliance training with video lessons that make complex requirements easy to understand. 
  • Train your way and on your schedule with plug-and-play phishing simulation kits or customizable content that can be tailored to fit your industry’s unique threats. 
  • Be confident that you’re educating employees about the latest threats or compliance requirements, with at least four new training videos and fresh phishing kits added every month. 
  • Training videos are available in eight languages: English, Dutch, French, German, Italian, Portuguese, Spanish (Iberian/European) and Spanish (Latin). 
  • Leverage in-lesson quizzes and simple, easy-to-read reports to see the value of training and know who needs additional support.  
  • Simplify the training process and make it convenient for every employee with a personalized user portal.  
  • Automatically generate and send reports to stakeholders. 

Security awareness training is also proven to be a top mitigation for phishing – as long as it’s refreshed every 4 months or less. With BullPhish ID, you can use pre-made or customized phishing simulations from the leader in the space to train employees to spot and stop phishing messages.

Contact our experts for a demo of BullPhish ID today.