Phishing
Cybersecurity statistics about phishing
Related Topics
Showing 81-100 of 389 results
82% of malicious files have unique hashes that traditional pattern-matching fails to detect.
76% of initial infection URLs in abalyzed phishing attacks were unique and have not appeared in other campaigns across Cofense's customer base.
In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024’s pace of one every 42 seconds.
Fifty percent of affected consumers cite immediate financial fraud as their primary fear, and 54 percent of consumers report an increase in targeted phishing attempts after a breach (2025)
Eighty-eight percent of consumers who received a data breach notice experience at least one negative consequence after a breach; 40 percent experience an increase in phishing or scam attempts; 49 percent experience an increase in spam emails or robocalls; 40 percent experience attempted takeover of an existing account (2025)
77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google.
Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75–95% within the next 18 months
77% of advanced email attacks failed SPF, DKIM, or DMARC authentication yet still reached inboxes.
In 2025, the abuse of trusted, legitimate online platforms was noted in 10% of phishing attacks.
Clicks on phishing links decreased by 27%, from 119 per 10,000 users last year to 87 per 10,000 users this year.
In 2025, attacks bypassing multifactor authentication (MFA) were reported in 48% of phishing attacks.
In 2025, malicious QR codes were observed in 19% of phishing attacks.
In 2025, obfuscations to hide URLs from detection were seen in 48% of phishing attacks.
The number of known phishing kits doubled during 2025, reaching a significant increase in active use.
In 2025, 'ClickFix' social engineering techniques were used in 1% of phishing attacks.
100% of advanced email threats bypassed incumbent email security, including Microsoft E3/E5 and leading secure email gateways.
87 out of every 10,000 users clicked on a phishing link each month in 2025.
In 2025, 90% of high-volume phishing campaigns utilized Phishing-as-a-Service (PhaaS) kits.
DocuSign accounted for more than 20% of all advanced email attacks analyzed.
In late 2025, there were 10 million Mamba 2FA phishing attacks recorded.