The Latest Phishing Statistics, Facts, FAQs and Trends (Updated for 2026)

Phishing is a deceptive tactic where cybercriminals pose as legitimate entities to trick you into revealing sensitive information, like passwords or financial details. It’s a prevalent threat in the cybersecurity landscape, constantly evolving to bypass defenses and exploit new vulnerabilities.

Staying updated with the latest phishing statistics and trends is crucial for understanding how these attacks develop and how to protect yourself and your organization. By being informed, you can anticipate potential threats, implement adequate security measures and reduce the risk of falling victim to these increasingly sophisticated schemes.

2020 Phishing Statistics

• The number of unique phishing sites surged from 147,000 to approximately 572,000 between the second and third quarters of 2020.
• In the fourth quarter of 2020, over 22% of phishing attacks targeted financial institutions, making this sector the most frequently attacked.
• During the height of the pandemic, phishing incidents rose by an astonishing 220% compared to the yearly average.

2021 Phishing Statistics

• In 2021, phishing was responsible for a staggering 90% of data breaches. This statistic highlights the dominant role phishing plays in compromising sensitive information.
• A 2021 study revealed that users can fall for phishing emails in less than 60 seconds. This quick response time emphasizes the urgency of improving email security and user awareness.

2022 Phishing Statistics

• In 2022, there were over 300,000 phishing victims in the U.S., resulting in total losses exceeding $52 million.
• Eighty-four percent of U.S. organizations reported security awareness training has successfully reduced phishing failure rates.
• In January 2022, the Netherlands led the list of countries most targeted by phishing attacks, followed closely by Russia, Moldova and the U.S.

2023 Phishing Statistics

• In 2023, phishing emerged as the most commonly reported cybercrime in the U.S. This prevalence underscores the persistent threat phishing poses to organizations.
• From May 2022 to May 2023, over 35% of email threats involved deceptive links. This significant proportion highlights the ongoing use of malicious URLs in phishing attempts.

2024 Phishing Statistics 

• In 2024, email impersonation accounted for an estimated 1.2% of all email traffic globally. This seemingly small percentage represents a substantial volume of deceptive emails circulating worldwide.
• Seventy-nine percent of account takeover attacks began with phishing. This statistic highlighted how phishing compromises user accounts.
• Experts predicted that more groups offering hack-for-hire services would have emerged in 2024.

2025 Phishing Statistics

• The Anti-Phishing Working Group recorded 1,003,924 phishing attacks in the first quarter of 2025 alone.
• In 2025, 82.6% of phishing emails leveraged AI-generated content, which is making these attacks more convincing and challenging to detect.
• In a scam awareness trial survey, 56% of employees and executives were unable to differentiate between real emails and scam emails, and 66% of C-suite leaders could not recognize an AI-generated scam.

2026 Phishing Statistics and Predictions

• Fifty-two percent of organizations have implemented AI-enabled tools for phishing and email threat detection.
• Global phishing activity is growing, with an estimated 3.4 billion malicious emails distributed every day.
• By the end of 2026, experts estimate that 90% of credential compromises will result from phishing kits, or ready-made sets of software tools and resources attackers can use to conduct phishing scams.

Notable Facts about Phishing

Phishing has evolved significantly, employing increasingly sophisticated techniques to deceive the most cautious users. Understanding the notable facts about phishing can help you recognize its various forms and substantial impact on individuals and organizations.

Common Phishing Techniques

In 2023, there were over 45 million high-risk email threats, with 25 million containing malicious and phishing URLs. Beyond email, phishing through social media is becoming increasingly common, exploiting your trust in personal connections.

SMS phishing, or “smishing,” sends deceptive messages to your phone, attempting to steal sensitive information. Additionally, voice phishing, or “vishing,” uses phone calls to trick you into revealing personal details. These threats make it essential to stay vigilant across all communication channels.

Phishing’s Evolution

This shift from generic to targeted attacks has made phishing even more dangerous. In 2022, 47% of spear-phishing attacks were scams, while 42% were phishing, showing how cybercriminals increasingly focus on specific individuals or organizations.

Using advanced technologies like AI, these attackers craft compelling messages that are harder to detect. These more complex threats make it crucial for you to stay informed and cautious.

Impact on Businesses and Individuals

In 2021, 54% of phishing attacks on organizations worldwide led to consumer or client data breaches. This number highlights the severe consequences of falling for these scams. The costs of phishing attacks can be staggering, encompassing financial losses, reputational damage and the expense of recovery efforts.

Effective recovery and mitigation require prompt incident responses, thorough investigation and enhanced security measures to prevent future breaches. Staying vigilant and informed can help protect your organization from these costly and damaging incidents.

Frequently Asked Questions

Navigating the world of phishing can be complex, leaving you with many questions about how to stay safe. Here are some of the most frequently asked questions to help you understand and defend against phishing threats.

How can I identify a phishing attempt?

Common signs and red flags of phishing emails include unexpected invoices or urgent payment requests. These emails often pressure you to click on a link or provide personal information, creating a sense of urgency that can make you act quickly without thinking. Recognizing these tactics can help you avoid falling victim to phishing schemes.

What can I do after a phishing attack?

Suppose you fall victim to a phishing attack. In that case, immediate steps include changing your passwords, contacting your bank to see if financial information was shared and reporting the incident to the Anti-Phishing Working Group and the Federal Trade Commission.

Long-term actions involve regularly updating your security software, enabling two-factor authentication and staying informed about the latest phishing techniques to protect yourself better. These steps can help minimize the damage and reduce the risk of future attacks.

What are the four types of phishing?

There are several types of phishing. Four of the most common ones are:

• Spear phishing: Highly targeted phishing attacks aimed at a specific person or entity
• Whaling: A form of spear phishing that targets high-level executives, decision-makers, celebrities or high-net-worth individuals
• Smishing:  Phishing attacks delivered through SMS or text messages
• Vishing: Short for “voice phishing,” these are phishing attacks delivered via phone call

How does AI make phishing attacks more dangerous?

Attackers can use AI to craft more convincing and personalized emails that closely mimic real brands or people, removing the red flags that were more obvious in older scam emails. This ability extends to photos, videos, and voice calls or recordings, making it harder to distinguish between real and scam communications. AI also allows scammers to automate the creation and distribution of phishing emails at scale, victimizing more people.

Emerging Trends in Phishing

As phishing attacks evolve, staying ahead of emerging trends is essential to safeguard your digital security. Here are the latest developments in phishing and how these new methods pose increased risks.

Increased Sophistication of Attacks

Machine learning and AI have made phishing emails more personalized and convincing than ever before. In fact, 60% of participants in a study fell victim to AI-automated phishing, demonstrating the effectiveness of these advanced techniques.

These emails are tailored to your specific behaviors and preferences, making them harder to detect and more likely to deceive. Staying aware of these developments is crucial to protecting yourself from increasingly sophisticated phishing attacks.

Phishing in Remote Work Environments

Targeting remote workers and their devices has become an essential strategy for phishers, exploiting the increased vulnerabilities in home networks. With 13% of remote employees admitting to falling for phishing attacks, it’s clear that the shift to remote work has opened new avenues for cybercriminals.

Your home network may lack the robust security measures of an office environment. Therefore, staying vigilant and adopting strong security practices to protect against these threats is essential.

Staying Vigilant and Educated for a Secure Future

Ongoing vigilance and education are crucial in the ever-evolving landscape of phishing and cybersecurity. Staying informed and proactive will help you better defend against future threats and adapt to the continually changing tactics of cybercriminals.

Original Publish Date: 07/03/2024 — Updated 02/26/2026