Phishing Statistics and Global Impact (2020–2025)

Phishing has grown rapidly over the last few years, becoming the most common cyber attack worldwide. With attackers using advanced automation, artificial intelligence, and highly convincing social engineering techniques, phishing incidents have increased in both volume and complexity. This post provides a data-based analysis of phishing activity from 2022 to 2025, highlighting trends, financial damage, and key statistics from industry reports.

 

Global Phishing Volume (2022–2025)

2022

  • Over 3.2 billion phishing emails sent daily worldwide.
  • Attackers used mostly email-based scams, fake password resets, and delivery scams.
  • 79% of organizations reported at least one phishing attack.

2023

  • Phishing emails increased to 3.4 billion per day.
  • Rise of smishing (SMS phishing) targeting banking customers and delivery services.
  • AI-generated emails began to appear, increasing realism and reducing spelling/grammar errors.



2024

  • Global phishing attacks grew by 65% compared to 2022.
  • Deepfake audio phishing increased significantly in corporate spear-phishing cases.
  • Over 82% of data breaches involved phishing or human error (Verizon DBIR 2024).
  • Average cost of a phishing-related data breach: $4.76 million.

2025 (Early Trends)

  • AI-powered phishing increased by 126% since 2023.
  • Most phishing attacks now use automation and script-generated fake websites.
  • Social media phishing increased sharply due to fake verification messages on Instagram, Facebook, and TikTok.
  • QR code phishing (“Quishing”) became a mainstream attack method.

 

Financial Impact of Phishing (2022–2025)

Total global losses:

  • 2022: $4.2 billion
  • 2023: $5.1 billion
  • 2024: $5.8 billion
  • 2025 (Projected): $6.4+ billion

Main sources of losses:

  • Unauthorized financial transfers
  • Stolen business accounts
  • Compromised payroll systems
  • Ransomware delivered through phishing
  • Fraudulent advertising on hacked social media accounts

Business Email Compromise (BEC) alone caused $2.7 billion in losses in 2024.

 

Most Targeted Industries

2022–2023

  1. Financial services
  2. E-commerce
  3. Education
  4. Healthcare
  5. Social media platforms

2024–2025

AI-powered attacks shifted focus to:

  1. Cryptocurrency exchanges
  2. Cloud service providers
  3. Corporate HR departments
  4. Advertising accounts (Meta, Google Ads)
  5. Delivery and logistics companies

 

Popular Phishing Techniques and Growth Rate

Technique

2022

2023

2024

2025

Email Phishing

High

Very High

Very High

Very High

Spear Phishing

Medium

High

Very High

Very High

Smishing

Medium

High

High

Very High

Vishing

Low

Medium

Medium

High

QR Code Phishing

Low

Medium

High

Very High

Deepfake Voice Phishing

Very Low

Low

Medium

High

Key Observation:
Deepfake voice and QR-based phishing increased the fastest.

 

Top Phishing Themes (2024–2025)

  1. Account verification scams
  2. Delivery failure notifications
  3. Government tax refund scams
  4. Copyright violation scams (Facebook/Instagram)
  5. Cloud login security alerts
  6. Crypto wallet authentication scams
  7. Fake job offers and recruitment phishing
  8. Fake security updates

These reflect current digital habits: online banking, cloud accounts, remote work, and social media use.

 

Technical Trends in Phishing

1. AI-Generated Content

Attackers use AI to produce:

  • Perfectly written emails
  • Personalized messages
  • Human-like chat conversations
  • Fake documents (IDs, invoices, legal notices)

2. Automation Tools

Phishing kits now include:

  • Automatic webpage cloning
  • Bulk email sending
  • Real-time credential harvesting
  • MFA bypass via reverse proxy (MITM)

3. Mobile Phishing Growth

Mobile-based attacks represent 61% of all phishing, due to:

  • QR codes
  • SMS
  • Messaging apps
  • Mobile banking

4. Cloud Account Targeting

Phishing targets business tools like:

  • Google Workspace
  • Microsoft 365
  • Slack
  • AWS and Azure portals

These accounts grant attackers broad internal access.

 

Comparison Summary (2022–2025)

Phishing volume:

Steadily rising every year
Sharp increase in 2024–2025 due to AI tools

Losses:

Billions added each year
Highest losses caused by BEC and corporate spear phishing

Techniques:

QR code and AI-driven attacks rising fastest
Deepfake audio becoming mainstream

Targets:

Business accounts, cloud platforms, and social media admins most targeted
Individuals targeted through mobile attacks

 


Comments

Post a Comment

Popular posts from this blog

Phishing Demonstration and Simulation Using a Virtual Machine

Image
Phishing can be understood more clearly through practical demonstration. In this part, we walk through a step-by-step simulation of a phishing attack using a virtual machine environment. This example shows how attackers create a fake login page, deliver a phishing message, and collect stolen credentials. The goal is to increase awareness—not to promote illegal activity. For the simulation, we use: Kali Linux (attacker VM) Windows 10 (victim VM) Social Engineering Toolkit (SET) SET is a legitimate penetration testing tool used by cybersecurity professionals to simulate social engineering attacks. 1. Tools and Setup Attack Machine: Kali Linux Installed on VirtualBox or VMware SET Toolkit pre-installed Internet connection enabled Victim Machine: Windows 10 Browser: Chrome/Edge Email client installed Normal user privileges The attacker and victim VMs are connected to the same virtual NAT network. 2. Launching the Social Engineering Toolkit (SET...
Read more

Introduction to Phishing

Image
1. Introduction Phishing is one of the most common and successful cyber attack techniques used by cybercriminals. It involves tricking individuals into revealing sensitive information such as usernames, passwords, bank details, or personal data. Unlike technical hacking, phishing depends on human psychology, making it extremely effective even against people who are aware of cyber threats. Today, phishing remains the number one cause of data breaches , affecting individuals, businesses, governments, and global institutions. This post introduces phishing, explains why it continues to be dangerous, and sets the foundation for deeper exploration in later posts. 2. What Is Phishing? Phishing is a social engineering attack where the attacker pretends to be a trusted source — such as a bank, company, delivery service, or friend — to steal information or install malware. Attackers often use: Fake emails Fake websites Fake SMS messages (smishing) Fake phone calls (vishing) Socia...
Read more