10 Facts About Phishing That You Should Know


What is every hacker’s weekend getaway?

They go phishing


In an increasingly digital world, where information flows freely and transactions occur at the click of a button, the threat of phishing looms larger than ever before. Phishing, a deceptive practice designed to manipulate individuals into revealing confidential information or performing malicious actions, has evolved into a formidable cybercrime. Understanding the nuances and dangers of phishing is crucial for individuals and organizations alike.

In this article, we will delve into 10 essential facts about phishing that everyone should know, shedding light on the tactics employed by cybercriminals, the potential consequences of falling victim to these scams, and most importantly, how to protect yourself from this pervasive online threat and data breach. Whether you’re a seasoned internet user or just beginning your digital journey, the insights within these pages will empower you to navigate the virtual world with greater confidence and security.

What is Phishing?

Phishing is a type of cyber attack in which malicious actors attempt to deceive individuals or organizations into revealing confidential information, such as credentials, credit card numbers, or other personal or financial data.

The stolen credentials or details are then used to execute the next steps of the attacker’s plan which might include

Phishers use various communication channels to reach their targets, including email sent from domains that resemble the original, text messages (SMS), voice calls (vishing), and social media. These messages are designed to appear trustworthy and convincing. Phishing attempts often impersonate trusted entities, such as banks, government agencies, well-known companies, or colleagues. Attackers may use logos, email addresses, or language that mimics the real organization.
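A defender-side check for sender domains that resemble a trusted one, as an added example that is not part of the original article. The allow-list, the substitution table and the distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list for illustration; use your organization's real domains.
TRUSTED = ("example-bank.com", "microsoft.com")

# A few common look-alike substitutions (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Collapse visually confusable characters to one canonical form."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address itself, ignoring the display name."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def classify(from_header, trusted=TRUSTED, max_dist=2):
    """Return (verdict, trusted domain matched or resembled, else None)."""
    dom = sender_domain(from_header)
    if not dom:
        return ("unparseable", None)
    for t in trusted:
        if dom == t or dom.endswith("." + t):  # exact match or real subdomain
            return ("trusted", t)
    for t in trusted:
        if (skeleton(dom) == skeleton(t)                 # character swap
                or dom.startswith(t + ".")               # trusted name as prefix
                or edit_distance(dom, t) <= max_dist):   # near-miss spelling
            return ("lookalike", t)
    return ("unknown", None)
```

Short trusted domains need a smaller `max_dist` to avoid false positives, and internationalized (punycode) domains are not handled by this table.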

The primary goal of phishing is often to steal sensitive data, such as login credentials, credit card numbers, social security numbers, or other personal or financial information.

Let’s see the most common and interesting facts about phishing further below.

10 Facts About Phishing

1. Phishing attacks are the most common.

Phishing statistics suggest that nearly 1.2% of all emails sent are malicious, which in numbers translates to 3.4 billion phishing emails daily. Data breaches of over 33 million records are expected to occur by 2023, with a ransomware or phishing attack occurring every 11 seconds. Phishing attacks are effective because they often exploit human psychology and use social engineering tactics to deceive recipients. Phishing campaigns are relatively low-cost compared to other forms of cyberattacks, such as those that require developing sophisticated malware, and some campaigns might even contain malware as attachments.

2. 95% of attacks on business networks are the result of successful spear phishing

Spear phishing is a highly targeted form of phishing where cybercriminals tailor their phishing message to specific individuals or organizations. They often gather personal information to make the email appear more convincing. It’s true that spear-phishing is a prevalent and dangerous threat in the cybersecurity world.

Phishing attacks are effective because they often exploit human psychology and rely on social engineering tactics. Attackers craft convincing emails that appear legitimate and use persuasive techniques to manipulate recipients into taking actions that can compromise security. Organizations must invest in educating their employees and provide security awareness training about the risks of phishing and how to recognize phishing attempts. Training can help reduce the likelihood of employees clicking on malicious links or disclosing private information.

4. 41% of employees failed to notice a phishing message because they were tired.

Fatigue, whether due to long working hours, lack of sleep, or other factors, can impair an individual’s cognitive function and decision-making abilities. When employees are tired, they may be less alert and attentive, making them more vulnerable to phishing attacks. To mitigate the risk associated with tired employees, organizations should provide security training that includes guidance on recognizing phishing attempts, even when individuals are fatigued. Employees should be encouraged to remain cautious and skeptical, especially when they are tired.

5. Smaller organizations see a higher rate of malicious emails like phishing emails.

Larger organizations typically have larger budgets for cybersecurity and may invest in more advanced security solutions, employee training, security awareness, and incident response capabilities. This can make them more resilient to phishing attacks. Phishing attacks often target individuals and organizations based on various criteria, including industry type, the potential value of stolen information, and the perceived ease of success. Smaller organizations may be targeted if they are perceived as having weaker cybersecurity defenses.

6. Sextortion is one of the most common tactics in phishing campaigns.

Sextortion phishing emails typically involve threats to expose compromising or sensitive information about the recipient unless they comply with the sender’s demands. These phishing emails rely heavily on social engineering tactics to create fear, panic, and urgency. The goal is to pressure the recipient into complying with the attacker’s demands out of fear of reputational or personal harm. To avoid falling victim to sextortion phishing, individuals should maintain strong security practices, such as using strong and unique passwords and being cautious when opening emails from unknown senders. It’s also important not to engage with or respond to such emails.

7. The cost of phishing attacks has almost quadrupled over the past seven years

Phishing attacks have become increasingly sophisticated over the years and now even include email compromise. Cybercriminals continually refine their tactics, making it more challenging for individuals and organizations to detect and defend against phishing attempts. These advancements can lead to more successful and financially damaging attacks.

Phishing attacks target a broad range of organizations and individuals, making it a widespread concern across various industries and sectors. Phishing remains one of the most common and successful attack vectors for cybercriminals. It is relatively easy to execute and can yield substantial rewards for attackers.

9. Exponential increase in vishing attacks

According to surveys of working adults and IT professionals conducted in 2022, almost seven in 10 respondents reported having encountered vishing attacks. This represents an increase from 54 percent in 2020. Vishing is a type of social engineering attack in which phishing is carried out over phone calls or voice messages.

10. Global brands mostly impersonated in phishing

Microsoft has accounted for 29 percent of all phishing attempts this year. Check Point Research’s Brand Phishing Report for Q2 2023 reveals that Microsoft has taken the lead as the most impersonated brand for phishing scams this quarter, accounting for 29 percent of all attempts. Attackers not only frequently impersonate Microsoft, but they also use Microsoft’s own tools to commit fraud.

IC3 (the FBI’s Internet Crime Complaint Center) received 298,878 phishing/spoofing complaints in 2023 alone, which caused a loss of approximately $18,728,550.

Globally, 323,972 internet users fell victim to phishing attacks in 2021.


1. What are the main causes of phishing?

The main causes of phishing can be attributed to a combination of technical vulnerabilities, human factors, and criminal motivations. Here are the main causes:
Human Vulnerability: Phishing exploits the vulnerabilities of human psychology. Cybercriminals use persuasive tactics, urgency, and fear to manipulate individuals into taking actions such as clicking on malicious links, opening infected email attachments, or revealing sensitive information.
Technical Vulnerabilities: Phishing attacks can take advantage of technical vulnerabilities, such as software or hardware flaws, to deliver malicious payloads.

2. How common are phishing attacks?

Phishing attacks are quite common and continue to pose a significant threat in the realm of cybersecurity. These attacks are widespread because they are relatively easy for cybercriminals to execute and can yield substantial rewards. Phishing attacks occur daily and target individuals, businesses, government agencies, and organizations across various industries and sectors. Phishing knows no geographical boundaries. Cybercriminals can launch phishing attacks from anywhere in the world, making them a global threat.

3. What type of phishing attack targets specific users or groups?

A phishing attack that targets specific users or groups is commonly referred to as “spear phishing.” Spear phishing is a highly targeted form of phishing in which cybercriminals customize their attacks for a specific individual, organization, or group of people. Unlike generic phishing attacks, which are sent to a large number of potential victims, spear phishing attacks are personalized and often more convincing. Here are some key characteristics of spear phishing:
Targeted Victims: Spear phishing attacks focus on specific individuals or groups, often based on information gathered about the target. The attackers research their victims, gathering details from social media, company websites, or other sources to make the phishing attempt more convincing.
Personalization: Spear phishing emails are carefully crafted to appear as though they come from a trusted source, such as a colleague, manager, or a known business partner.
Social Engineering: Spear phishing relies heavily on social engineering tactics to manipulate the target’s emotions, trust, or curiosity.

4. Where is phishing most common?

Phishing is a global cybersecurity threat, and it occurs worldwide. Cybercriminals target individuals and organizations across geographical boundaries, making it difficult to pinpoint specific regions as the sole or most common location for phishing attacks.
High Internet Penetration: Regions with high Internet penetration rates tend to experience more phishing attacks because there are more potential victims online. Developed countries and urban areas often have higher internet penetration rates.
Large Population Centers: Cybercriminals often target densely populated areas with a higher concentration of potential victims. Major cities and metropolitan areas may see more phishing attacks compared to rural regions.
Cultural and Language Factors: Phishing attacks often use social engineering tactics that exploit cultural norms and language proficiency. Some phishing campaigns are more effective when they target specific cultural or linguistic groups.

Lichumon is an enthusiastic SOC Analyst with a keen interest in exploring the complexities of the dark web and human risk factors in cybersecurity. Despite being early in his career, his eagerness to learn and adapt sets him apart. Balancing vigilance and curiosity, Lichumon navigates the ever-evolving cyber threat landscape with a sense of determination and commitment to continuous learning.