The modern age has brought about many new threats to safety and privacy. In the cybersecurity industry, phishing attacks have taken a leading role in disruptive and destructive cyber hazards. A phishing attack is any cyber-attack in which a hacker attempts to deceive the victim through the use of fraudulent emails or correspondence.
The fake message looks authentic and contains links or attachments with malware inside. The message instructs the victim to click on the links or download the attachments. The malware then infiltrates the computer system and gains access to private information, data, and anything of value.
While phishing attacks can be prevented to an extent, it’s important to stay updated on the recent statistics and forms of phishing attacks taking place to avoid falling victim to them.
Latest Phishing Statistics
Here is a roundup list of some of the most recent phishing statistics:
- In March 2024, over 301 brand names were involved in phishing attacks worldwide. (Statista)
- In 2024, 31% of phishing attacks worldwide were directed toward the financial sector. (Sci-Tech-Today)
- Social media and webmail accounted for 30.5% and 21.2% of phishing attacks. (Statista)
- 41% of cyber-attacks used phishing and more than half of those phishing attacks used spear-phishing attachments. (IBM)
- 55% of respondents to a survey believed that hackers would use ChatGPT to craft believable and legitimate-sounding phishing e-mails. 51% thought that the AI tool would help less experienced hackers improve their technical knowledge and develop their skills for spreading misinformation. (Sci-Tech-Today)
- By 2025, forecasts suggest that there will be more than 75 billion Internet of Things (IoT) connected devices in use which could become vulnerable to possible security breaches in the form of hacking, phishing, and more. (Statista)
- Phishing e-mails remain one of the primary attack vectors for cybercriminals. On average, 15% of businesses worldwide have become victims of more than 50 bulk phishing attacks. More than half of the companies said these phishing attacks resulted in consumer or client data breaches. (Statista)
- Highly impersonated brands for phishing scams include Amazon and Google at 13%, Facebook and WhatsApp at 9%, and Netflix and Apple at 2%. (CISOMag)
Biggest Phishing Breaches In 2024
Phishing attacks are becoming more innovative and spreading faster than ever before. Last year saw record-breaking numbers. The APWG logged more than 2.7 million phishing attacks in the first three quarters of 2024. Since the beginning of 2019, the number of phishing attacks has grown by more than 150% per year. Some of the biggest phishing attacks in 2024 include:
Pepco Social Engineering Attack, February 2024
Pepco Group's Hungarian branch was targeted by a sophisticated phishing attack that involved spoofing legitimate employee emails to deceive finance staff. The attack resulted in a loss of approximately €15.5 million, causing substantial financial damage to the company.
Change Healthcare Attack, February 2024
Change Healthcare, a major U.S. medical claims processor, was targeted by the ALPHV/BlackCat group through a phishing attack that harvested compromised login details. The breach impacted over 100 million users, causing significant disruptions in healthcare services nationwide.
Malware Disguised as a Bank Payment Notice, March 2024
A phishing campaign disguised as bank payment notifications delivered the Agent Tesla malware, which acted as an information stealer and keylogger. This campaign led to significant financial losses for numerous individuals who were tricked into providing sensitive financial information.
StrelaStealer Campaign, March 2024
The StrelaStealer malware campaign targeted organizations across the EU and the US through spear-phishing emails containing ZIP file attachments. The campaign resulted in the theft of email login credentials, which were used to perform further attacks.
Starbucks Phishing Scam, October 2024
A phishing campaign targeted Starbucks customers with fake promotional emails offering a "free Starbucks Coffee Lovers Box." The scam tricked customers into providing personal and payment information, leading to significant reputational damage for Starbucks.
How To Prevent Phishing In 2025
While the dangers of phishing attacks may seem unavoidable to some extent, it’s important to practice cyber hygiene and be cautious to avoid becoming a victim. We’ve drawn up a list of ways you can prevent yourself from being caught up in a phishing scam in 2023:
Be Overly Suspicious
While we don’t recommend that you wear a tinfoil hat and never open your email again, there are ways to be cautious. A phishing scam tries its best to fool its victims by looking almost entirely legitimate - “almost” being the operative word.
Companies will not ask you for sensitive credentials in an email or text message. If you receive any communication asking for sensitive information – or any information – it is safer to call the official company line and enquire about its authenticity before submitting anything.
Sourced from Federal Trade Commission
Think Before You Click
The FBI’s 2021 Internet Crime Report reported that 19,954 complaints were related to business email compromise - the losses from which amounted to US$ 2.4 billion. Hackers count on your carelessness when opening email links and downloading files. Even if an email or attachment looks legit, it’s important to always be cautious. Check that any link you receive does not look suspicious and that every URL looks sensible before you click it - regardless of whether it has come from a trusted source or not.
Update Your Software
While we all want to simply wave away the pesky update notifications, it’s important to always maintain the latest software updates on your PC and phone. Most updates include patches that fix vulnerabilities in the software. Hackers will use your delayed update to take advantage of those vulnerabilities and infiltrate your system.
Use Multi-Factor Authentication
Keep multi-factor authentication turned on across all your apps and accounts. This ensures that your accounts and devices have multi-layered security, which limits access and keeps your information safe. Extra credentials are required, which makes it more difficult for hackers to enter your account or compromise your data.
Stay Informed
It’s important to stay aware of the phishing scams in your area. Keep an ear and eye out for any new scams going around and spread the word to keep others safe as well.
Browse Safely
When you’re online, it’s easy to forget the smaller details – especially when shopping. Remember to ensure that the websites you access are SSL-certified and have a URL starting with “https” so you know that your data is encrypted. A secure website will also feature a lock icon near the URL address bar. Don’t enter any information into a website that does not seem secure.
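The link checks recommended under "Think Before You Click" and "Browse Safely" can be partly automated. The Python sketch below is an added example, not code from the original article or from Sangfor; the brand-to-domain mapping and the sample URLs are constructed assumptions. The second sample passes the "https" check yet is still not on the brand's own domain, so the scheme and lock icon should be read together with the host name.

```python
import ipaddress
from urllib.parse import urlsplit

# Brands the article lists as most impersonated, mapped to one domain each
# brand really uses. The mapping is an assumption for this example and is
# incomplete (country-specific domains are not covered).
BRAND_DOMAINS = {
    "amazon": "amazon.com", "google": "google.com", "facebook": "facebook.com",
    "whatsapp": "whatsapp.com", "netflix": "netflix.com", "apple": "apple.com",
}

def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_warnings(url):
    """Return reasons a link deserves a second look before it is clicked."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")             # traffic would not be encrypted
    if parts.username is not None:
        warnings.append("userinfo-before-host")  # text before '@' is not the site
    if is_ip_literal(host):
        warnings.append("ip-address-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")        # may render as look-alike letters
    for brand, real in BRAND_DOMAINS.items():
        on_real_domain = host == real or host.endswith("." + real)
        # Substring match is a heuristic: it flags links for review and can
        # also hit unrelated names that happen to contain the brand string.
        if brand in host and not on_real_domain:
            warnings.append(f"mentions-{brand}-off-domain")
    return warnings

# Constructed sample links (reserved .example names and documentation IPs).
SAMPLES = [
    "https://www.amazon.com/orders",
    "https://amazon.com.account-verify.example/signin",
    "http://192.0.2.10/netflix/login",
    "https://xn--pple-43d.example/id",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", link_warnings(sample) or "no warnings")
```

An empty result means only that none of these particular checks fired, not that the link is safe.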
Provide Cybersecurity Training
Most cyber-attacks on businesses start with an employee clicking on a dubious link. To maintain the safety of your network, ensure that your employees receive adequate cybersecurity training and education. Implementing cyber hygiene practices in the workplace will help your employees recognize and avoid phishing scams faster and protect your organization.
Use Advanced Cybersecurity
In this modern world, everything is automated – and your cybersecurity solutions should be the same. Invest in advanced and high-quality cybersecurity measures to ensure that phishing scams and malware don’t stand a chance.
Sangfor’s Next Generation Firewall (NGFW) can be used in conjunction with Endpoint Security to identify malicious files at both the network level and endpoints. The advanced firewall is a security device designed to inspect network and application traffic for threats, secure the network environment from intrusion, and bring in security intelligence from outside the network. Anything that the on-premises features cannot analyze is automatically sent to the cloud-based Neural-X sandbox for isolation and critical inspection.
Additionally, Sangfor’s Cyber Command (NDR) Platform constantly monitors for malware, residual security events, and future potential compromises in your network. The solution is coupled with Threat Intelligence and an enhanced AI algorithm to keep you updated with any vulnerabilities in the system while ensuring your data is always kept strictly protected and consistently monitored for lingering threats.
Ensure that phishing scams and other malware are a thing of the past by introducing these safety practices and solutions.
For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.