51.54% of the phishing infrastructure is directly hosted, while 48.46% is protected by CDN/proxy services.

68% of all phishing infrastructure tracked operates on Cloudflare as of the current year.

11,324 phishing domains used the .com top-level domain, making it the most common among attackers.

80% of phishing attempts analyzed by Darktrace in 2024 impersonated Amazon.

There was a 229% spike in phishing scams on Black Friday.

Phishing scams increased by 118% during Thanksgiving.

There is a 14% increase in phishing scams around Christmas.

Phishing activity overall increased by 128% during the 2025 holiday period compared to the 2024 holiday period.

27% of people are targeted by scam text messages daily.

Phishing attacks rose by 21% in 2025

55% of people receive scam text messages weekly.

77% of Chief Information Security Officers identified AI-generated phishing as a serious and emerging threat in 2025

71% of Japanese respondents identified phishing as the top threat facing their organization, significantly higher than the global average.

Phone-based vishing attacks increased by 449% in 2025 compared to 2024, with phone numbers appearing as the sole payload in 5.5% of phishing emails.

In 2025, cybercriminals increased their abuse of legitimate platforms like QuickBooks, Zoom, SharePoint, and PayPal by 67% year-to-date.

66% of simulated phishing emails utilized domain spoofing techniques.

In 2025, 77% of callback numbers used AI-generated voices, while 69% of vishing attacks were financially motivated, requesting bank detail changes, fraudulent refunds, or transfers.

25% of the top 20 attachments opened in simulated phishing emails were Word documents.

PDFs comprised 56% of the top 20 attachments opened in simulated phishing emails.

19% of the top 20 attachments opened in simulated phishing emails were HTML files.