51.54% of the phishing infrastructure is directly hosted, while 48.46% is protected by CDN/proxy services.

Almost 60% of the observed indicators of compromise (IOCs) are linked with Phishing-as-a-Service (PhaaS).

The mean DNS resolution rate for phishing operators was 96.16%, indicating high availability and minimal downtime.

80% of phishing attempts analyzed by Darktrace in 2024 impersonated Amazon.

55% of people receive scam text messages weekly.

Phishing activity overall increased by 128% during the 2025 holiday period compared to the 2024 holiday period.

Phishing attacks rose by 21% in 2025

Phishing scams increased by 118% during Thanksgiving.

27% of people are targeted by scam text messages daily.

There was a 229% spike in phishing scams on Black Friday.

There is a 14% increase in phishing scams around Christmas.

77% of Chief Information Security Officers identified AI-generated phishing as a serious and emerging threat in 2025

71% of Japanese respondents identified phishing as the top threat facing their organization, significantly higher than the global average.

66% of simulated phishing emails utilized domain spoofing techniques.

82% of the top 20 clicked links in simulated phishing emails came from internally themed simulations between July 1, 2025, and September 30, 2025.

Phone-based vishing attacks increased by 449% in 2025 compared to 2024, with phone numbers appearing as the sole payload in 5.5% of phishing emails.

70% of simulated landing page interactions involve branded content.

25% of branded content interactions in simulated phishing emails involved Microsoft between July 1, 2025, and September 30, 2025.

25% of the top 20 attachments opened in simulated phishing emails were Word documents.

19% of the top 20 attachments opened in simulated phishing emails were HTML files.