Phishing Statistics

331 STATS74 SOURCES

Phishing by Industry

Education17Healthcare16Energy6Government2Financial Services2MSPs1Legal1Retail1Manufacturing1

Latest Statistics

88% of internal audit leaders identify AI-powered phishing attacks as a top risk.

The Internal Audit Foundation and AuditBoardInternal Audit and AI-Enabled Fraud·Feb 17, 2026
AI-Powered PhishingCybersecurity RiskInternal Audit

51% of organizations have faced sophisticated, personalized phishing emails powered by deepfake technology.

Ivanti2026 State of Cybersecurity Report: Bridging the Divide·Feb 12, 2026
PhishingDeepfakeSocial Engineering

In Q4 2025, callback phishing increased from 3% to 18% of all phishing incidents, a 500% spike.

VIPRE Security GroupQ4 2025 Email Threat Trends Report·Feb 4, 2026
PhishingCallback PhishingEmail SecuritySocial Engineering

82% of malicious files have unique hashes that traditional pattern-matching fails to detect.

CofenseThe New Era of Phishing: Threats Built in the Age of AI·Feb 4, 2026
Malicious FilesThreat DetectionPhishingEmail Attack

Credential phishing campaigns using .es domains increase 51 times year-over-year, with the .es top-level domain jumping from the 56th to the 3rd most-abused TLD.

CofenseThe New Era of Phishing: Threats Built in the Age of AI·Feb 4, 2026
PhishingDomain AbuseCredential TheftCredential PhishingEmail Security

76% of initial infection URLs in abalyzed phishing attacks were unique and have not appeared in other campaigns across Cofense's customer base.

CofenseThe New Era of Phishing: Threats Built in the Age of AI·Feb 4, 2026
PhishingMalicious URLsEmail AttackEmail Security

Conversational attacks comprise 18% of all malicious emails.

CofenseThe New Era of Phishing: Threats Built in the Age of AI·Feb 4, 2026
PhishingEmail SecurityEmail Attack

In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024’s pace of one every 42 seconds.

CofenseThe New Era of Phishing: Threats Built in the Age of AI·Feb 4, 2026
PhishingEmail SecurityEmail Attack

Abuse of legitimate remote access tools increased by 900% by volume.

CofenseThe New Era of Phishing: Threats Built in the Age of AI·Feb 4, 2026
Remote Access ToolsPhishingEmail SecurityEmail Attack

Fifty percent of affected consumers cite immediate financial fraud as their primary fear, and 54 percent of consumers report an increase in targeted phishing attempts after a breach (2025)

Identity Theft Resource CenterIdentity Theft Resource Center 2025 Annual Data Breach Report: Record Number of Data Compromises in 2025; 79 Percent Jump Over Five Years.html·Jan 28, 2026
Financial FraudPhishing

Eighty-eight percent of consumers who received a data breach notice experience at least one negative consequence after a breach; 40 percent experience an increase in phishing or scam attempts; 49 percent experience an increase in spam emails or robocalls; 40 percent experience attempted takeover of an existing account (2025)

Identity Theft Resource CenterIdentity Theft Resource Center 2025 Annual Data Breach Report: Record Number of Data Compromises in 2025; 79 Percent Jump Over Five Years.html·Jan 28, 2026
Consumer HarmPhishingSpam

Clicks on phishing links decreased by 27%, from 119 per 10,000 users last year to 87 per 10,000 users this year.

NetskopeCloud and Threat Report: 2026·Jan 9, 2026
PhishingPhishing LinksUser Behavior

87 out of every 10,000 users clicked on a phishing link each month in 2025.

NetskopeCloud and Threat Report: 2026·Jan 9, 2026
PhishingPhishing LinksUser Behavior

77% of advanced email attacks failed SPF, DKIM, or DMARC authentication yet still reached inboxes.

StrongestLayerWhat Your Email Security Can't See ·Jan 8, 2026
Email SecurityEmail ThreatsPhishingDMARC

Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75–95% within the next 18 months

StrongestLayerWhat Your Email Security Can't See ·Jan 8, 2026
Email SecurityEmail ThreatsAIPhishing

77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google.

StrongestLayerWhat Your Email Security Can't See ·Jan 8, 2026
Email SecurityPhishingDocuSignMicrosoftGoogle

100% of advanced email threats bypassed incumbent email security, including Microsoft E3/E5 and leading secure email gateways.

StrongestLayerWhat Your Email Security Can't See ·Jan 8, 2026
Email SecurityEmail ThreatsEmail GatewayPhishing

DocuSign accounted for more than 20% of all advanced email attacks analyzed.

StrongestLayerWhat Your Email Security Can't See ·Jan 8, 2026
Email SecurityEmail ThreatsDocuSignPhishing

In 2025, attacks bypassing multifactor authentication (MFA) were reported in 48% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingMFAMFA BypassPhishing Techniques

In 2025, malicious QR codes were observed in 19% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingQR CodesPhishing Techniques

In 2025, obfuscations to hide URLs from detection were seen in 48% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing TechniquesObfuscationPhishind Detection

The number of known phishing kits doubled during 2025, reaching a significant increase in active use.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing Kits

In 2025, 'ClickFix' social engineering techniques were used in 1% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing TechniquesSocial EngineeringClickFix

In 2025, 90% of high-volume phishing campaigns utilized Phishing-as-a-Service (PhaaS) kits.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing KitsPhishing-as-a-Service

In late 2025, there were 10 million Mamba 2FA phishing attacks recorded.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
Phishing2FA

In 2025, malicious attachments were present in 18% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingMalwarePhishing Techniques

In 2025, the abuse of trusted, legitimate online platforms was noted in 10% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing Techniques

In 2025, the use of 'Blob URIs' was noted in 2% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing Techniques

In 2025, attacks leveraging generative AI were reported in 10% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingGenerative AI

In 2025, CAPTCHA was leveraged for added authenticity in 43% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing TechniquesCAPTCHA

In 2025, 'polymorphic' attacks that varied the email header, body, and destination were seen in 20% of phishing attacks.

BarracudaThreat Spotlight: How phishing kits evolved in 2025·Jan 7, 2026
PhishingPhishing TechniquesPolymorphic

89% of schools experienced at least one cyber incident in the past year, primarily phishing, unauthorized access, and malware.

Action1Action1 Cybersecurity in Education Report 2025–2026·Dec 17, 2025
Cyber IncidentEducationPhishingUnauthorized AccessMalware

92% of school IT leaders expect AI-powered phishing to be the most dangerous threat in the coming year

Action1Action1 Cybersecurity in Education Report 2025–2026·Dec 17, 2025
EducationIT LeadershipPhishingAI-Powered Phishing

68% of all phishing infrastructure tracked operates on Cloudflare as of the current year.

SicuraNext68% Of Phishing Websites Are Protected by CloudFlare·Dec 1, 2025
PhishingPhishing InfrastructureCloudflare

Almost 60% of the observed indicators of compromise (IOCs) are linked with Phishing-as-a-Service (PhaaS).

SicuraNext68% Of Phishing Websites Are Protected by CloudFlare·Dec 1, 2025
PhishingIOCsPhishing-as-a-Service

The mean DNS resolution rate for phishing operators was 96.16%, indicating high availability and minimal downtime.

SicuraNext68% Of Phishing Websites Are Protected by CloudFlare·Dec 1, 2025
Phishing

51.54% of the phishing infrastructure is directly hosted, while 48.46% is protected by CDN/proxy services.

SicuraNext68% Of Phishing Websites Are Protected by CloudFlare·Dec 1, 2025
PhishingPhishing Infrastructure

IT leaders estimate only 5% of known phishing attacks are reported by healthcare employees to their security teams.

Paubox2025 healthcare email security report·Dec 1, 2025
Email SecurityEmail BreachHealthcarePhishing

Over the past four months, 20 distinct phishing clusters were identified based on shared infrastructure fingerprints.

SicuraNext68% Of Phishing Websites Are Protected by CloudFlare·Dec 1, 2025
PhishingPhishing Infrastructure

In the last quarter, over 42,000 validated URLs and domains were identified as actively serving phishing kits, command-and-control infrastructure, or payload delivery.

SicuraNext68% Of Phishing Websites Are Protected by CloudFlare·Dec 1, 2025
PhishingPhishing KitsComman and Control InfrastructurePayload Delivery