Nowadays nearly 57% of internet users don’t protect themselves. When we talk about individuals, it’s their decision and responsibility, but businesses are responsible for large groups of people (employees, customers, partners, and vendors). Protecting these people should be a preventative step, but many businesses fail to take action until it’s too late.
While large companies usually have a data leak prevention plan, over 71% of all small businesses online don’t have any. This report includes new data points and insights observed across the global EasyDMARC network during the first six months of 2022.
The information in this report accurately represents our platform’s usage and the phishing statistics for 2022. EasyDMARC’s global representation and customer sample size give us the confidence that our report can be helpful for the cybersecurity community.
- At EasyDMARC, we’ve communicated with over 40,000 information security and cybersecurity professionals. More than 80% state that phishing attacks represent a top security concern.
- As commonly known research states, 93% of successful cyberattacks worldwide begin with a spear phishing email.
- EasyDMARC’s phishing email statistics identified over 9 billion phishing emails this year. Our systems constantly analyze traffic and automatically apply mitigation when phishing attempts are detected.
- During the first half of 2022, EasyDMARC’s platform blocked more than 90 million phishing attacks.
- In the same period, phishing attacks statistics show 89% of our clients reported that they’ve been affected.
- Finance is the most attacked industry globally. It has a quarterly increase of 5.8% in attacks. The second was the Retail industry (3,7% increase), and the third was the Non-profit organizations (1,7% increase) compared to last year.
- According to our phishing stats, March of 2022 alone registered more phishing attacks than during the whole 2021.
- The Netherlands leads the list of target countries for phishing attacks (over 18% of all attacks). Russia, Moldova, the USA, and Thailand follow.
- The percentage of phishing attacks detected by EasyDMARC increased by a staggering 62.9% compared to last year. This represents a 30% quarterly increase.
- We quarantined more than 10 million emails on our platform.
What is Email Phishing?
Globally, 96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites, and just 1% via phone (vishing and smishing).
The phishing attack is a social engineering technique for stealing victims’ data, such as login credentials, personal information, and credit card numbers.
The picture above displays an example of CEO fraud, a type of spear-phishing email attack in which the cybercriminal impersonates your CEO.
There are mainly two types of email CEO fraud. The first is name spoofing, where the attacker uses your CEO’s name but a different email address, and the second is the name and email spoofing, where the attacker uses both the CEO’s name and their correct sender address.
The goal is to steal confidential data, which can be;
- Company’s tax returns documents
- Bank account details
- Payroll information
Expect these phishing scam statistics; you can also look into the 12 types of phishing attacks article from our blog.
What’s in the Report?
The phishing statistics 2022 derived from our platform allowed us to break down our report into a few significant parts:
Phishing Attacks by Industry
Customers who register on our platform are asked to note the industries they represent (finance, marketing, healthcare, etc.). The sample size under discussion in this section is based on the fields they mentioned.
According to the statistics, the Finance sector was the most targeted, with more than 10% ahead. In second and third place are the Retail industry and Non-profit organizations.
Phishing Attacks by Country
The other interesting data point we could infer is phishing email statistics by the target country. Due to EasyDMARC’s Aggregate Report Geomaps tool, we get a bird’s eye view of where most phishing attacks are coming from.
Here are the first 40 most targeted countries. According to our phishing statistics in 2022, the Netherlands was targeted by the highest phishing attacks, with a staggering 17.7% of all attacks. Russia, Moldova, the USA, and Thailand follow.
Blocked Phishing Emails
This statistics are collected from the customers who have already implemented the strongest DMARC “reject” policy.
According to our phishing statistics in 2022, the largest amount of blocked phishing emails originated in Thailand – over 45% of all phishing attacks. The USA, Germany, China, and Brazil follow.
Phishing Emails: Delivered to SPAM
If you read our blog and use our product, you know that DMARC improves deliverability. The data in this section come from accounts that have enforced the “quarantine” policy.
According to our phishing attack statistics, most phishing emails delivered to the “SPAM” folder were from Russia (over 55%). Followed by the USA, Canada, Great Britain, and Vietnam.
According to our phishing statistics for the first half of 2022, we can state that phishing is not decreasing. Our data reflects the findings in other phishing attack statistics.
Over the years, phishers have become increasingly more skilled in getting information and sending targeted emails. With fast-growing phishing statistics, we can’t live in the world without any protection.
EasyDMARC’s goal is to provide a top-notch email security solution for small and medium businesses and, more importantly, ensure our customers’ peace of mind.
Disclaimer: The data we worked with in this research is based on the reporting data from our customer pool and doesn’t contain any PII.