Skip to main content

CYBERSTATS

Security Intelligence

HomeTopicsPhishing

Phishing

Email security statistics, phishing attack trends, user awareness metrics, and defense effectiveness data.

Related Topics

Email Security13Phishing Techniques9Email Attack6Scams6Consumer6Email Threats4

Top Vendors

KnowBe478VIPRE30Barracuda13Paubox10Dune10SicuraNext9

Showing 1-20 of 315 results

51% of organizations have faced sophisticated, personalized phishing emails powered by deepfake technology.

Ivanti2/14/2026
DeepfakeSocial Engineering

76% of initial infection URLs in abalyzed phishing attacks were unique and have not appeared in other campaigns across Cofense's customer base.

Cofense2/9/2026
Malicious URLsEmail Attack

82% of malicious files have unique hashes that traditional pattern-matching fails to detect.

Cofense2/9/2026
Malicious FilesThreat Detection

Credential phishing campaigns using .es domains increase 51 times year-over-year, with the .es top-level domain jumping from the 56th to the 3rd most-abused TLD.

Cofense2/9/2026
Domain AbuseCredential Theft

In Q4 2025, callback phishing increased from 3% to 18% of all phishing incidents, a 500% spike.

VIPRE Security Group2/9/2026
Callback PhishingEmail Security

Conversational attacks comprise 18% of all malicious emails.

Cofense2/9/2026
Email SecurityEmail Attack

Approximately 17% of healthcare email breaches were the result of phishing-driven mailbox takeovers.

Paubox2/9/2026
HealthcareEmail Security

In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024’s pace of one every 42 seconds.

Cofense2/9/2026
Email SecurityEmail Attack

Abuse of legitimate remote access tools increased by 900% by volume.

Cofense2/9/2026
Remote Access ToolsEmail Security

Fifty percent of affected consumers cite immediate financial fraud as their primary fear, and 54 percent of consumers report an increase in targeted phishing attempts after a breach (2025)

Identity Theft Resource Center2/4/2026
Financial Fraud

Eighty-eight percent of consumers who received a data breach notice experience at least one negative consequence after a breach; 40 percent experience an increase in phishing or scam attempts; 49 percent experience an increase in spam emails or robocalls; 40 percent experience attempted takeover of an existing account (2025)

Identity Theft Resource Center2/4/2026
Consumer HarmSpam

In 2025, malicious attachments were present in 18% of phishing attacks.

Barracuda1/13/2026
MalwarePhishing Techniques

In late 2025, there were 10 million Mamba 2FA phishing attacks recorded.

Barracuda1/13/2026
2FA

Clicks on phishing links decreased by 27%, from 119 per 10,000 users last year to 87 per 10,000 users this year.

Netskope1/13/2026
Phishing LinksUser Behavior

77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google.

StrongestLayer1/13/2026
Email SecurityDocuSign

In 2025, 'polymorphic' attacks that varied the email header, body, and destination were seen in 20% of phishing attacks.

Barracuda1/13/2026
Phishing TechniquesPolymorphic

In 2025, CAPTCHA was leveraged for added authenticity in 43% of phishing attacks.

Barracuda1/13/2026
Phishing TechniquesCAPTCHA

In 2025, attacks leveraging generative AI were reported in 10% of phishing attacks.

Barracuda1/13/2026
Generative AI

In 2025, 90% of high-volume phishing campaigns utilized Phishing-as-a-Service (PhaaS) kits.

Barracuda1/13/2026
Phishing KitsPhishing-as-a-Service

In 2025, malicious QR codes were observed in 19% of phishing attacks.

Barracuda1/13/2026
QR CodesPhishing Techniques