Phishing Attacks Are What Percentage of Cyberattacks in 2023?

Have you ever received a random email asking you to click a link or put your personal credentials on a site?

Often, you can easily spot there is something *fishy* going on.

If you are one of the many who had this experience in the past, you have just experienced phishing. 

Due to the growing number of incidences, many are wondering: phishing attacks are what percentage of cyberattacks?

Clue: they are more than you think!

Tune in until the end of the article to find out interesting as well as alarming facts about phishing attacks. 

Phishing Attacks Are What Percentage of Cyberattacks in 2023?

For those curious to find out the answer to the question: “phishing attacks are what percentage of cyberattacks?”, let’s get this sorted. 

Data published by Deloitte reveals that 91% of all cyberattacks start with an email specifically created for phishing.

This means phishing attacks make up the biggest percentage of all cyber-related intrusions, coming ahead of malware, ransomware, and IoT compromises, among others. 

Different Types of Phishing Attacks

Before we dive right into the nitty-gritty of the costs of phishing attacks, it’s important to know there are different types of phishing activities. 

We will fill you in with information that will be helpful in distinguishing one from the other in case you find yourself in a similar situation in the future. 

1. Email Phishing

Email phishing is the most common type of phishing – an estimated 15 billion spam emails make their way across internet channels daily.

In 2021, more than 50% of all email traffic are spam mail. 

On a positive note, platforms like Gmail employ technologies that automatically recognize spam and put them in a corresponding folder accordingly.

Still, many of these manage to get into users’ inboxes.

Some are good at imitating legitimate sites, urging the receiver to take action about a “suspected problem” which turns out to be a hacking attempt. 

2. Spear Phishing

This is a targeted type of spear phishing where the attacker already knows some information about his intended victim. 

This email normally contains personal info such as the victim’s name and job affiliation to make it look and sound legitimate at first look. 

3. Whaling

Phishing attacks also target high-profile individuals such as a company’s executive team and senior officials. 

A whaling attack normally contains an email with a link asking about the company’s financial information such as a tax ID. 

There are many other types of phishing attacks: email phishing, spear phishing, and whaling are only a part of a long list of malicious breaches. 

Countries With the Highest Number of Phishing Attacks 

The frequency of phishing incidences varies among countries.

This data from Statista reveals Brazil has the most number of phishing attacks globally, accounting for 12.39% of all attacks in the county. 

• Brazil – an estimated 12.39% of all cyberattacks in the country is identified as one form of phishing attack
• France – an estimated 12.21% of all cyberattacks in the country is identified as one form of phishing attack
• Portugal – an estimated 11.40% of all cyberattacks in the country is identified as one form of phishing attack
• Mongolia – an estimated 10.98% of all cyberattacks in the country is identified as one form of phishing attack
• Reunion Island – an estimated 10.97% of all cyberattacks in the country is identified as one form of phishing attack
• Brunei – an estimated 10.89% of all cyberattacks in the country is identified as one form of phishing attack
• Madagascar – an estimated 10.87% of all cyberattacks in the country is identified as one form of phishing attack
• Angola – an estimated 10.79% of all cyberattacks in the country is identified as one form of phishing attack
• Australia – an estimated 10.74% of all cyberattacks in the country is identified as one form of phishing attack
• Ecuador – an estimated 10.73% of all cyberattacks in the country is identified as one form of phishing attack

Phishing Attacks by Industry

The incidence of phishing attacks also differs depending on the industry.

As of the first quarter of 2022, the financial industry has the highest percentage of these types of attacks, accounting for 23.60% of the total.

• Financial industry – an estimated 23.69% of all cyberattacks in the industry is identified as a form of a phishing attack
• SaaS or Webmail industry – an estimated 20.50% of all cyberattacks in the industry is identified as a form of a phishing attack
• E-commerce industry – an estimated 14.60% of all cyberattacks in the industry is identified as a form of a phishing attack
• Social media industry – an estimated 12.50% of all cyberattacks in the industry is identified as a form of a phishing attack
• Cryptocurrency industry – an estimated 6.60% of all cyberattacks in the industry is identified as a form of a phishing attack
• Payment industry – an estimated 5.00% of all cyberattacks in the industry is identified as a form of a phishing attack
• Logistics or shipping industry – an estimated 3.80% of all cyberattacks in the industry is identified as a form of a phishing attack

Most Common Types of Phishing Attachments

Here are the most common types of phishing attachments on emails:

1. Windows executables – 74% of all phishing attacks sent on emails contain this kind of attachment
2. Script – 11% of all phishing attacks sent on emails contain this kind of attachment
3. Office docs – 5% of all phishing attacks sent on emails contain this kind of attachment
4. Compressed files/zip – 4% of all phishing attacks sent on emails contain this kind of attachment
5. PDF docs – 4% of all phishing attacks sent on emails contain this kind of attachment
6. Java files, batch files, and shortcuts – 2% of phishing attacks sent on emails contain these kinds of attachments

Conclusion

Phishing attacks are what percentage of cyberattacks in 2023? 91% of all malicious breaches are phishing attacks.

This makes phishing the most common type of cyberattack, overtaking ransomware and malware down the line. 

As a regular internet user, you can bring down this percentage by taking necessary precautions as simple as employing two-factor authentication for your logins.

Sources