Must-know phishing statistics for 2025

Egress | 18th Dec 2024

In 2024, phishing threats have become more sophisticated, with cybercriminals leveraging new methods such as quishing and multi-channel attacks. The growing complexity is evident in recent data, with a rise in incidents reported to the ICO in the UK and a 10% increase in complaints, including phishing/spoofing, filed with the FBI's Internet Crime Complaint Center (IC3) in the US. 

This article will explore key phishing statistics for 2024, including sources from our most recent Email Security Risk Report and both volumes of the Egress Phishing Threat Trends Report for this year, highlighting the critical phishing trends and threats businesses should be aware of. 

Headline stats for 2024 using Egress Defend data 

Top 5 most targeted industries: 

  1. Insurance 
  2. Finance  
  3. Healthcare  
  4. Law  
  5. Transportation 

Top 5 most impersonated brands:  

  1. Microsoft  
  2. DocuSign  
  3. PayPal 
  4. DHL 
  5. Facebook  

Top 5 most targeted job title:  

  1. CEO 
  2. CFO 
  3. CPO 
  4. CISO 
  5. CRO 

Top 3 most used payloads:  

  1. Links 
  2. Attachments  
  3. QR codes 

AI, impersonation, and DMARC:  

  • 67.4% of all phishing attacks utilized some form of AI  
  • 84.2% of phishing attacks passed DMARC authentication, one of the most common authentication tools used in secure email gateway (SEG) technology  
  • New employees face phishing attacks impersonating VIPs within an average of just three weeks after starting at a new company. 

In the UK, according to the ICO  

From January 1st to March 31st, 2024 (Q1) alone, there was a 21% increase in incidents reported to the ICO compared to the same period in 2023.  

  • 27% of these incidents were cyber related—a 33% jump from the same period in 2023 

From April 1st to June 30th, 2024 (Q2), there has been a 6% increase in incidents reported, compared to the same period in 2023.  

  • 29% were cyber incidents – a 21% decrease from the same period in 2023 

In the US, according to IC3  

The latest IC3 report revealed that phishing/spoofing was the most common cybercrime, with 298,878 complaints, significantly more than the 55,851 complaints for personal data breaches. 

  • However, individual complaints for phishing/spoofing were actually down 6.93% compared to 2022 
  • The reported losses as a result of phishing amounted to $18,728,550 

According to Fobes Advisor, the top 10 states most affected by phishing scams in 2023 were:  

  1. Nevada 
  2. District of Columbia 
  3. New Jersey 
  4. California 
  5. New York 
  6. Florida 
  7. New Hampshire 
  8. Washington 
  9. Illinois 
  10. Wyoming 

Phishing breakdown in 2024 so far  

In our latest Phishing Threat Trends Report, it was revealed that there has been a general increase in phishing attacks since the beginning of the year.  

  • There has been a 28% increase in phishing emails sent between April 1st – June 30th vs January 1st – March 31st, 2024 
  • 44% of phishing emails were sent from compromised accounts, helping them bypass authentication protocols, and 8% of these came from within the supply chain 
  • 45% of phishing emails contained a hyperlink payload  
  • 23% of phishing emails included malicious attachments  

Source: Phishing Threat Trends Report, October 2024. 

95% of Cybersecurity leaders are stressed about email security   

Although this issue extends before 2024, Cybersecurity leaders are continuing to feel the mounting pressure, with 95% revealing that they feel stressed about email security – phishing being their main concern.  Two possible reasons for this are that:  

  • 94% of organizations fell victim to phishing attacks, up from 92% in 2023 
  • 96% experienced negative fallout following a successful phishing attack 

Source: Phishing Threat Trends Report, April 2024. 

Impersonation tactics are here to stay  

Many modern phishing threats are increasingly driven by impersonation tactics, which have become the backbone of many advanced and targeted attacks against organizations. 

  • The latest Phishing Threat Trends Report reveals that 89% of phishing emails involve impersonation tactics 
  • Adobe was ranked as the most impersonated brand and DHL the most impersonated mail carrier 
  • Between January 1st and August 31st, 2024, 26% of phishing emails impersonated brands unconnected to the recipient through an established business relationship 
  • The next most common impersonation attacks involved posing as the recipient's company, accounting for 16.0% of incidents, with HR being the most frequently impersonated department 

Source: Phishing Threat Trends Report, October 2024. 

Commodity attacks overwhelm cybersecurity admins  

Commodity attacks—mass-produced, malicious campaigns that typically mimic spam by impersonating brands on a large scale—are rising in popularity.  

  • Commodity attacks peaked at 13.6% of all phishing emails detected by Egress Defend in December 2023 
  • During a commodity campaign, organizations experience a 2,700% increase in phishing attacks compared to their normal baseline 
  • 51.1% feature a single graphic and 72.3% include a hyperlink as its payload 
  • 78.5% of these attacks layered two or more obfuscation techniques to make it more difficult for admins to remediate attacks and block future ones with traditional technology 

Source: Phishing Threat Trends Report, October 2024. 

Account takeover and compromised accounts 

As one of the most difficult attacks for employees to identify, compromised accounts and account takeover (ATO) remain a significant concern for organizations.  

  • 58% of organizations experienced account takeover (ATO) incidents in the last 12 months 
  • 79% of these started with a phishing email harvesting employee credentials 
  • 83% of these attacks bypassed multi-factor authentication (MFA) 
  • 51% of organizations fell victim to phishing attacks sent from compromised supply chain accounts 
  • 52% of cybersecurity leaders stress most about attacks from compromised supply chain email accounts, closely followed by ATO attacks (47%) 

Source: Phishing Threat Trends Report, April 2024. 

67.4% of phishing attacks used AI in 2024 

It continues to remain difficult to talk about cybersecurity in 2024 without reference to AI. Whether it’s cybercriminals’ use of LLMs and chatbots to create convincing attacks at scale, or vendors using AI in their detection – AI in phishing is here to stay. 

  • 63% of cybersecurity leaders are worried about deepfakes 
  • 61% are concerned about AI chatbots creating phishing campaigns 
  • Of the phishing toolkits our Threat Intelligence team analyzed for our latest Phishing Threat Trends Report, 74.8% referenced AI and 82.0% mentioned deepfakes 

Source: Egress Defend Data, Phishing Threat Trends Report, April 2024, and Phishing Threat Trends Report, October 2024. 

A surge in QR code phishing  

A staggering increase in QR code phishing (or “quishing”) attacks during 2023 saw them skyrocket up the list of concerns for Cyber teams globally. Attacks were both prolific and highly successful, demonstrating how cybercriminals effectively combine available technology with consumer familiarity (or complacency) at scale. 

  • QR code payloads in phishing emails were rare in 2021 and 2022, at 0.8% and 1.4%, respectively 
  • This jumped to 12.4% in 2023 and continued at 10.8% in 2024 
  • Our latest edition of the Phishing Threat Trends Report revealed that 12% of phishing emails contain a QR code 

Source: Phishing Threat Trends Report, April 2024, and Phishing Threat Trends Report, October 2024. 

Multi-channel attacks 

Cybercriminals are targeting victims via two or more communication platforms to increase the legitimacy of attacks and in turn, their success rate.  

  • Following an initial phishing email, Microsoft Teams was the most common second step (30.8%)  
  • Slack was the second most common follow-up step (19.2%) 
  • SMS was the third most common second step (18.6%) 

Source: Phishing Threat Trends Report, April 2024.  

The SEG’s days are numbered  

In the modern email security market, there is significant overlap in the detection capability between secure email gateways (SEGs) and Microsoft 365. Legacy technologies can be helpful for detecting spam and known attacks. However, SEGs rely too heavily on these methods to defend against the full range of sophisticated threats targeting organizations. 

As such, many Cybersecurity leaders are looking beyond the SEG to more advanced solutions.  

  • 91% of cybersecurity leaders expressed frustration with their SEG 
  • 87% are considering replacing their SEG with Microsoft 365 and integrated clause email security (ICES) solutions, or have already done so 
  • In January to March 2024, there was a 52.2% increase in attacks that bypassed SEG detection 
  • In 2024, 84.2% of phishing attacks passed DMARC authentication, one of the most common authentication protocols used by SEGS 
  • 20.2% of the phishing emails that bypassed the SEG employed technical measures to avoid detection by Microsoft 365 and SEGs 
  • 68.4% of these attacks passed authentication checks, including DMARC 

Source: Phishing Threat Trends Report, April 2024, and Phishing Threat Trends Report, October 2024. 

Evolving phishing threats demand proactive security adaptation 

Phishing threats in 2024 are increasingly sophisticated, leveraging AI, multi-channel strategies, and new methods like quishing. With 95% of cybersecurity professionals stressed about email security and a significant number of organizations experiencing negative fallout from phishing attacks, it's clear that traditional security measures like SEGs are no longer sufficient.  

Staying informed about these trends and proactively updating security strategies is crucial for any organization to mitigate risks, protect sensitive data, and maintain a resilient security posture. For more insights, read our latest  Phishing Threat Trends Report