23 November 2023

20 Eye-Opening Facts about Phishing for Small Businesses

By Ronald Smith

I’ve got some fascinating information to share with you about a sneaky online threat called phishing. It’s important for small businesses like yours to stay informed and protected, so here are 20 eye-opening statistics you should know:

1. Did you know that around 91% of all cyberattacks begin with a phishing email? That’s a huge number!

2. Over 75% of small businesses worldwide have experienced some sort of phishing attack. It’s a common problem!

3. Incredibly, the average cost of a phishing attack for a small business is around $1.6 million. That’s a lot of money!

4. Around 30% of phishing emails make it past default security precautions. Sneaky, huh?

5. Cybercriminals are getting smarter! They create about 1.5 million new phishing websites every month.

6. Shockingly, almost half of all phishing sites use HTTPS to trick you into believing they’re secure. Sneaky, sneaky!

7. Attackers don’t discriminate. They target both larger enterprises and smaller businesses equally.

8. Did you know that phishing emails related to COVID-19 increased by 6000% during the pandemic? That’s taking advantage of a crisis!

9. Cybercriminals often impersonate trusted companies like Microsoft, Amazon, and PayPal. They’re masters of deception!

10. It may surprise you to learn that 97% of people around the world cannot identify a sophisticated phishing email. It’s a tricky business!

11. Phishing attacks often target employees through their work email accounts. Stay vigilant!

12. Sadly, over 80% of reported security incidents involve some form of phishing. It’s a prevalent threat!

13. Phishing attacks can cause significant damage to a business’s reputation. Your credibility is on the line!

14. Small businesses are seen as easy targets, with 60% of cyberattacks directed at them. Don’t let your guard down!

15. On average, it takes about 197 days to identify and contain a data breach caused by phishing. Speed is of the essence!

16. Did you know that 88% of data breaches are caused by human error or negligence? We all make mistakes, but we can learn!

17. Continuous employee training and awareness programs can reduce the risk of successful phishing attacks by 70% or more. Education is key!

18. Don’t underestimate mobile devices. 30% of phishing attacks in 2020 were targeted at mobile users. Stay cautious!

19. Phishing isn’t just about email. Attackers also use phone calls, text messages, and malicious websites to deceive you. They’re always evolving!

20. The more you know, the better prepared you are! Educating yourself and your team about phishing is crucial for your business’s security.

I hope these staggering statistics have given you a clearer picture of the serious threat phishing poses to small businesses like yours. Stay alert, stay informed, and take the necessary steps to protect your valuable information. You’ve got this!

Phishing attacks are on the rise. And the newest numbers show just how serious this problem has become. To help keep you informed about the dangers of phishing, I’ve gathered some key stats for you to check out.

What exactly is a phishing attack?

A phishing attack happens when a deceptive person or group tricks you into giving up important, private information or unknowingly installing harmful software on your computer.

These attacks make up 53% of all social engineering attacks. The cyber criminals often reach out to victims through social media messages, emails, phone calls, or text messages.

Let’s dive into some social media phishing stats.

As the number of social media users continues to grow rapidly, cyber attackers are exploiting this platform for their phishing scams.

Here are some significant statistics to bear in mind:

Social Media: A New Battleground for Phishing Attacks

Did you know that social media has become a hotbed for cybercriminals? It may surprise you, but approximately 12% of all phishing attacks in 2021 were launched through various social media platforms. That’s a significant number!

While email remains the top target for these attacks, clever hackers have now set their sights on social media. They are turning it into a breeding ground for phishing campaigns. So, what does this mean for you? It means you should prioritize training your employees on how to recognize and avoid social media phishing scams. Make it a key component of your company’s cybersecurity strategy.

Social Media Attacks: The Rising Threat

In 2021, a whopping 74% of companies fell victim to social media attacks. This is an alarming statistic that cannot be ignored. Hackers are increasingly exploiting social media platforms to target businesses of all sizes. That’s why you must implement a strict cybersecurity policy specifically for social media usage within your company. If you haven’t done so already, now is the time!

What can you do to protect your organization? First, educate your employees about the dangers lurking on social media. Encourage them to refrain from clicking on suspicious messages and links posted on these platforms. By doing so, you can fortify your defenses and reduce the risk of falling victim to these attacks.

Spam Alert: Rampant on Social Media

Ever feel like your social media feeds are flooded with spam? You’re not alone. A staggering 47% of social media users reported seeing an increase in spam in their feeds. That’s a lot of unwanted content!

How can you avoid falling into the trap? It’s simple. Refrain from clicking on random links sent to you through messages or posts. These links could lead you into the dangerous territory of phishing attacks. Stay vigilant and protect yourself from becoming a victim of cybercrime.

  • Avoid clicking random links in messages

Protecting Yourself Against Phishing

  • Ask yourself if this message seems genuine for a social media contact.
  • Give the person or organization a call to verify their identity.
  • Never share any personal or confidential information on social media.

4. LinkedIn is a Hot Target for Phishing Attacks

LinkedIn has become a popular playground for hackers. According to a study by Check Point, over half of all phishing attacks globally target this popular social networking platform.

5. Be Aware of LinkedIn Phishing Messages

Beware of phishing messages on LinkedIn. Hackers send emails pretending to be from LinkedIn, trying to trick you into giving away your account information. These stolen credentials can then be used for other cyber crimes.

Phishing Email Statistics

Take a look at these recent statistics on phishing to understand how email plays a crucial role in cyber attacks.

6. Spear phishing emails are the most popular way hackers launch phishing attacks.

The number of targeted attacks is going up. In fact, 65% of hacker groups use spear phishing as their main way to infect systems. In these attacks, hackers collect information about a company to take advantage of human vulnerability. So the best way to fight back is to stay aware of these kinds of attacks.

7. In 2021, 83% of organizations experienced a successful email phishing attack.

Around 8 out of 10 companies fell victim to email phishing. You can use the latest tools that analyze and detect email fraud, including business email compromise (BEC) attacks.

8. Did you know that 18% of the emails people click on from their phones are actually phishing emails? Crazy, right?

It’s not surprising considering how many people use their mobile devices to open emails these days. But don’t worry, there’s a way to protect yourself.

If you want to stay safe from mobile phishing, you have to be careful about the apps you install on your phone. Make sure to always double-check and be critical of any apps that ask for your personal information.

Just keep in mind, not all apps are trying to steal your information, but it’s better to be safe than sorry!

9. Did you know that 1 out of every 99 emails you receive is a phishing attack? Scary, isn’t it?

That means that 1% of all the emails in your inbox could be trying to trick you into giving away your personal information. They usually do this by using infected links or attachments.

And to make matters worse, 25% of these phishing emails manage to bypass the security systems of Office 365, a popular email platform.

10. Did you know that 98% of the emails that have a crypto wallet address are actually phishing attempts? Shocking, right?

It’s a sad truth that many malicious emails are disguised as messages with crypto wallet addresses. So, if you ever receive an email asking you to enter your wallet information, be very cautious!

And here’s another eye-opener: 1 out of every 3 emails containing a link to a WordPress website is also a phishing attempt. So, be careful where you click!

Remember, it’s always important to stay vigilant and skeptical when it comes to emails. Don’t let yourself become a victim of phishing scams!

It’s really important for us to use a secure email gateway to protect us from harmful links and attachments.

Interesting Facts About Website Phishing Scams

Scams and attempts to steal information online are a big problem for businesses and individuals. To keep our data safe and protect our personal information, it’s important to understand the dangers of phishing.

Here are some important things to know about phishing:

1. There were over 1 million unique phishing sites in the first half of 2021.

According to Atlas VPN, there were 1,228,816 different phishing websites in the first half of 2021.

2. More than half of phishing sites use .com as their top-level domain.

About 51% of phishing sites have .com as their top-level domain, which makes it harder to identify them as scams.

The Prevalence of Brand Name Usage in Phishing Sites

I’m amazed by how many phishing websites are using popular brand names in their domains. Can you believe that almost 30% of phishing sites include a brand name in their domain? That’s a significant number! If you want to protect yourself from falling into these traps, you need to pay close attention to the spelling. Many of these phishing attempts use misspelled URLs to deceive unsuspecting individuals like you and me.
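One way to automate that spelling check, as an added example that is not part of the original article: the function below takes a URL and reports whether its host is an official brand domain, contains a brand name while belonging to someone else, or is a near-miss spelling of a brand. The brand list, the official domains, the sample URLs and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): brand keyword -> domains the brand really uses.
BRANDS = {
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
    "amazon": {"amazon.com"},
    "linkedin": {"linkedin.com"},
}

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, brand) for the host part of a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for brand, official in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in official):
            return ("official", brand)
    # Split on dots and hyphens so "paypa1-secure" yields "paypa1" and "secure".
    labels = [p for part in host.split(".") for p in part.split("-") if p]
    for brand in BRANDS:
        if any(brand in label for label in labels):
            return ("brand-in-domain", brand)
    for brand in BRANDS:
        # Allow two edits only for long names to limit false positives.
        limit = 2 if len(brand) >= 8 else 1
        if any(edit_distance(label, brand) <= limit for label in labels):
            return ("misspelled-brand", brand)
    return ("no-brand-match", None)

SAMPLES = [  # constructed URLs using the reserved .example TLD
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.example/login",
    "http://paypa1-secure.example/",
    "https://rnicrosoft.example/",
    "https://example.org/amazon",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

Only the host is inspected, so a brand name in the path (the last sample) does not trigger a match, while a brand name used as a subdomain of an unrelated domain (the second sample) does.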

Fraudulent Invoices Cause Huge Losses for Facebook and Google

Let me tell you about a clever scam that cost Facebook and Google millions of dollars. A person named Evaldas Rimasauskas sent fake invoices worth over 100 million dollars to these tech giants. Can you imagine the audacity? It’s astonishing how these scammers can come up with such elaborate schemes to trick even the biggest companies in the world.

Brazil Takes the Lead in Phishing Attacks

Guess which country has become the number one target for phishing attacks in 2021. It’s Brazil! Yes, you heard it right. This South American country has unfortunately topped the list of countries most targeted by phishing scams. In second place, we have France, closely followed by Portugal. It’s a worrisome trend, and we all need to stay vigilant to protect ourselves from falling victim to these attacks.

The Devastating Financial Consequences of Phishing Attacks

I wanted to share some important info about phishing attacks and how they can seriously impact you. Phishing attacks can lead to data breaches, ransomware attacks, or other security incidents, and trust me, they can cost you a lot.

Let me tell you about some key findings from The Ponemon Cost of Phishing Study. This study helps us understand just how much financial loss can come from a successful phishing attack:

16. The average annual cost of phishing is $14.8 million.

Phishing attacks are a major threat to businesses these days. According to the Ponemon report, successful phishing attacks result in the loss of millions of dollars. Can you believe that?

That’s why it’s crucial for you to take action and protect yourself. Make sure you have the latest security solutions in place, like spam filters. It’s also a good idea to train your employees to spot phishing messages and malicious email attachments. Every little bit helps!

17. Employee phishing awareness training can reduce the total average cost of phishing by 53%.

If you want to protect yourself from tricky scams like phishing or other sneaky tricks, the best thing to do is get some cybersecurity awareness training.

We’ve got experts who can teach you and your team how to spot those phishing emails, fake websites, and nasty malware threats. And let me tell you, it’s worth it. It can save you a lot of money by preventing those phishing attempts.

18. Can you believe it? In 2021, the cost of employee productivity loss from phishing attacks reached a whopping $3.2 million a year!

Phishing attacks really mess with our productivity. On average, each person spends about 7 hours a year dealing with those sneaky phishing emails. That’s a lot of wasted time, if you ask me.

19. And get this, the total cost of malware attacks caused by phishing was a massive $807,506 in 2021!

Did you know that phishing is responsible for about 15% of all the malware infections in organizations? It’s a big deal, and the cost of dealing with malware attacks caused by phishing can be massive. That’s why it’s crucial to take proactive measures to prevent phishing attacks.

Oh, and here’s an interesting fact: in 2021, the average cost of credential compromises caused by phishing reached a staggering $692,531!

When credentials are compromised, businesses have to spend valuable tech time investigating and responding to the situation. And as you may know, tech time costs money. Not to mention the consequences that come with compromised credentials – it’s a whole mess!

But wait, you might be wondering, how many people actually fall for phishing attacks?

Well, here’s the thing: phishing is one of the sneakiest social engineering tricks out there. Believe it or not, around 20% of the people who receive phishing emails actually end up clicking on the malicious links. And to make matters worse, about 13% of those recipients go ahead and submit their credentials on these phishing sites!

Curious about the number of phishing attacks that happened in 2021?

I wanted to share something important with you. Phishing attacks are on the rise, and it’s becoming a real concern. Research from Dark Reading shows that a whopping 69% of companies experienced at least one phishing attack within the past year, that is, in 2021. Can you believe it?

Now, let’s talk about which industry faces the highest click rates for phishing.

As of the first quarter of 2022, the financial industry takes the lead in being the most targeted by these malicious attacks. Can you guess which industries come next? It’s SaaS/Webmail and retail/E-commerce. Shockingly, 23.6% of phishing attacks are aimed at the financial industry all around the world. That’s a significant number!