Phishing Statistics, Trends, and Insights | EasyDMARC

Global Phishing Statistics, Trends, and Insights 2025

Since the mid-1990s, phishing has remained a mainstay form of cyberattack, in which individuals and organizations are tricked into revealing personal information or high-value data through fake emails and malicious links. Cybercriminals use phishing attacks to steal credentials, financial information, and confidential business data, which often results in financial losses and reputational damage.

One of the most effective ways to combat phishing threats is through Domain-based Message Authentication, Reporting & Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM). These email authentication protocols help prevent unauthorized senders from spoofing domains and sending fraudulent emails.

In early 2024, Google and Yahoo implemented stricter DMARC enforcement policies, meaning that emails that failed authentication checks would be sent straight to spam folders. This new requirement by two industry leaders highlighted the increasing importance of businesses implementing DMARC to ensure email security and deliverability.

As part of EasyDMARC’s efforts to prevent, understand, and drive awareness about phishing, we published our “Global Phishing Trends and Insights Report” for 2024, which aims to analyze email security threats and their impact worldwide. This blog breaks down and explores the report’s insights into phishing threats and email security trends.

  • IT, education, and financial services are the most targeted industries.
  • The U.S. leads in both phishing attacks received (53.24%) and phishing emails sent (43%).
  • Google and Yahoo’s new DMARC policies make email authentication crucial for businesses.
  • Phishing attack statistics show that phishing remains the most common type of cyber attack in 2024. 
  • Stronger email security measures like DMARC are critical in mitigating phishing risks.
  • EasyDMARC’s Global Phishing Trends and Insights Report 2024 is available for deeper analysis into phishing facts and phishing attack statistics.

Recent Phishing Attack Statistics in 2024

Our investigations into phishing statistics for 2024 confirmed that this form of attack remains a leading cyber threat. 

  • Phishing attacks were recorded in 195 countries, targeting 145+ industries and 72,000+ companies worldwide.
  • 190+ million phishing attacks were blocked with the help of EasyDMARC’s platform.
  • 500+ million emails were flagged as spam and classified as non-compliant by EasyDMARC’s platform.

These numbers show that cybercriminals are using increasingly advanced techniques, making the need for stronger email security measures even more urgent. With phishing attempts becoming more sophisticated, adopting proactive measures such as DMARC enforcement and continuous monitoring of email authentication settings is even more crucial. Organizations that fail to secure their domains remain at risk of falling victim to these increasingly deceptive attacks, which can have severe consequences for their finances and brands.

How Common Are Phishing Attacks by Industry?

Some industries are more vulnerable to phishing due to the high value of their data or weaker security measures. Phishing statistics in our report show that the most targeted industry in 2024 was the IT software and services sector, accounting for 26% of phishing attacks. The IT sector faces greater risk due to its critical role in infrastructure and access to valuable data. Cybercriminals exploit software vulnerabilities and employee susceptibility to phishing scams to gain access to sensitive information and important systems.

Education was found to be the second most vulnerable sector at 8.62%. Educational institutions are frequently attacked because of their broad user bases, which include students, faculty, and administrative staff who may not be well-trained in cybersecurity best practices. 

The third most targeted industry was financial services (6.13%), due primarily to the higher chance of direct monetary gain, as attackers use phishing tactics to access bank accounts, process fraudulent transactions, or steal sensitive client data.

Most Targeted Industries

Phishing Attacks by Country: Where Are Cybercriminals Targeting?

The most targeted country in 2024 was the United States, with over half of all phishing attacks in our report aimed at US organizations and businesses. 

Top 5 Most Targeted Countries

The high percentage of phishing attacks in the U.S. shown in our report can be attributed to its large digital economy and numerous high-value targets, including corporations, government institutions, and financial entities. Other countries on this list, such as Qatar and the Czech Republic, are also seeing an increase in phishing attempts due to their growing digital infrastructures and expanding online markets.

Countries Sending the Most Phishing Emails

While some countries are primary targets, others serve as launching points for phishing campaigns. 

Top 5 Countries Sending Spam Emails

Many phishing emails originate from these regions due to compromised servers and sophisticated cybercriminal networks. Attackers often use botnets and spoofed email addresses to hide their location. Organizations can mitigate these threats by implementing a strict DMARC policy (p=reject), which ensures that emails failing authentication are blocked completely and do not even reach spam folders.

Is Phishing the Most Common Cyber Attack?

Phishing remains the most prevalent cyber threat worldwide, accounting for the majority of security breaches, and often being the entry point for ransomware and business email compromise (BEC) scams. Other reports confirm this. For example, IBM’s Security X-Force research revealed that 41% of cybersecurity attacks started with a phishing email. One of the primary reasons for this is that cybercriminals are continually refining their techniques, even using AI-driven phishing scams and deepfake technology to increase the success rate of their attacks.

The Role of DMARC in Preventing Phishing Attacks

Implementing DMARC is essential in combating phishing attacks. DMARC works alongside SPF and DKIM to authenticate emails, ensuring that messages are from the claimed sender. SPF allows domain owners to specify which mail servers are permitted to send emails on their behalf, while DKIM uses a cryptographic key pair and a digital signature to verify that an email hasn’t been altered. DMARC uses both these protocols, enabling domain owners to set policies on how to handle emails that fail SPF or DKIM checks. This prevents unauthorized use of organizations’ domains and reduces phishing risks. To verify whether a domain has DMARC correctly configured, organizations can use EasyDMARC’s DMARC lookup tool to check authentication records.

As previously mentioned, Google and Yahoo’s stricter email authentication requirements mandate that organizations adopt DMARC. Although these regulations do not yet require organizations to enforce stricter DMARC policies of p=quarantine or p=reject, these industry leaders are laying the groundwork for stricter enforcement in the future. Non-compliance with their current requirements can result in emails being marked as spam, significantly impacting email deliverability. Businesses that haven’t yet implemented DMARC can follow our step-by-step guide to properly set up DMARC, and also consult our DMARC engineers.
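As an added illustration of the SPF/DKIM/DMARC interaction and the policy levels described above (not EasyDMARC's code or tooling), the Python below parses a DMARC record, decides what a receiver is asked to do with a message, and audits how far a record is from enforcement. The records, domains, and function names are constructed for the example, and relaxed alignment is approximated without the Public Suffix List.

```python
# Added example: constructed records and domains; no DNS or network access.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercase tags."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 must be the first tag")
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    tags["p"] = tags["p"].lower()
    return tags

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match. Relaxed ('r') is simplified here to a
    parent/subdomain match; real receivers compare organizational domains
    using the Public Suffix List."""
    if auth_domain is None:
        return False
    a, b = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc_result(tags, from_domain, spf_domain=None, dkim_domain=None):
    """spf_domain / dkim_domain: the domain that PASSED that check, or None.
    Returns 'pass' or the policy the receiver is asked to apply."""
    if aligned(from_domain, spf_domain, tags.get("aspf", "r")) or \
       aligned(from_domain, dkim_domain, tags.get("adkim", "r")):
        return "pass"
    return tags["p"]

def audit(tags):
    """List the gaps between this record and full enforcement."""
    findings = []
    if tags["p"] == "none":
        findings.append("p=none: monitoring only, no action requested on failures")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only a sample of failing mail")
    if "rua" not in tags:
        findings.append("no rua: aggregate reports are not being collected")
    return findings

MONITOR = parse_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example.com")
ENFORCE = parse_dmarc("v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com")
```

An SPF pass for a domain unrelated to the visible From address does not satisfy DMARC, which is why the same spoofed message yields `none` under `MONITOR` and `reject` under `ENFORCE`.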

Beyond authentication, phishing emails often contain malicious links designed to steal credentials or install malware. Even with email security measures in place, employees may still fall victim to phishing attempts. If you don’t yet have DMARC enforcement in place, you can use EasyDMARC’s phishing link checker to verify suspicious URLs before clicking on them. 

Phishing is Here to Stay

The phishing statistics in our Global Phishing Trends and Insights Report show that, if anything, phishing is growing, becoming more dynamic and intelligent, and more difficult to counter. As a result, major telecommunications and tech companies are implementing new protocols, most importantly DMARC.

DMARC has a relatively low adoption rate despite its increasing importance in email security, with only around eight percent of companies worldwide having a valid DMARC record in place. As Google and Yahoo continue their efforts to standardize this security protocol, and through services that make DMARC implementation easy, like EasyDMARC, adoption rates are slowly rising, an encouraging sign that phishing attacks may soon become much more difficult for fraudsters.

Since 2020, ecommerce and online organizations have become the standard in many areas globally, meaning increased presence online for both legitimate organizations and fraudsters looking for an easy win. DMARC represents the next major security measure, and implementing it is easier than ever, so expect to see more major businesses and organizations adopting this security standard.

Corporate Marketing Manager
Sarah is a wordsmith turned tech enthusiast with 20 years of experience in demystifying complex concepts. Her content helps our customers become email security heroes.