The most common third-party platforms used for phishing were: • sendgrid.com • salesforce.com • amazonaws.com • sendlayer.com • mailgun.com • marketo.com.

20% of phishing emails between September 15, 2024 and February 14, 2025 relied solely on social engineering.

In 2024, there was a 47% increase in phishing emails evading detection by Microsoft’s native security and secure email gateways.

Most polymorphic phishing emails are sent from compromised accounts (52%), followed by phishing domains (25%), and webmail (20%).

25.9% of phishing emails between September 15, 2024 and February 14, 2025 contained attachments.

There was a 17.3% increase in phishing emails between September 15, 2024 and February 14, 2025 compared to the previous six months.

Cybercriminals created nearly 1 million new phishing sites each month in 2024. This represents a 700% increase since 2020.

Nearly 51% of browser-based phishing attempts involved some form of brand impersonation in 2024.

75% of phishing links are hosted on good, trusted websites.

Four of the top five hosting providers used by bad actors to host phishing attacks were based in the U.S. in 2024.

There is up to six days as the average window of exposure before legacy security tools begin blocking pages from zero-hour phishing attacks.

Cybercriminals created nearly 1 million new phishing sites each month in 2024. This represents a 700% increase since 2020.

There has been a 140% increase in browser-based phishing attacks in 2024 compared to 2023.

Phishing attacks hosted on subdomain providers increased by 51% in 2024, representing 24% of all phishing attacks.

Solara Medical Supplies' $9.76 million settlement was due to a phishing-related breach affecting 114,000 patient records.

For medium sized organisations, the average Phish Prone Percentage PPP after one year of sustained training dropped to 5.2%.

After 90 days of training and simulated phishing tests, the Phish Prone Percentages (PPPs) for the education sector reduced to 19%, 19.4%, and 18% respectively for small, medium, and large organisations.

The median time for users to fall for phishing emails is less than 60 seconds.

More than 20% of users identified and reported phishing per engagement, including 11% of the users who did click the email.

For education institutions with 250-999 employees, the baseline Phish Prone Perecentage (PPP) was 31.2%.