Skip to main content

CYBERSTATS

Security Intelligence

HomeTopicsPhishing

Phishing

Email security statistics, phishing attack trends, user awareness metrics, and defense effectiveness data.

Related Topics

Email Security13Phishing Techniques9Email Attack6Scams6Consumer6Email Threats4

Top Vendors

KnowBe478VIPRE30Barracuda13Paubox10Dune10SicuraNext9

Showing 21-40 of 315 results

In 2025, obfuscations to hide URLs from detection were seen in 48% of phishing attacks.

Barracuda1/13/2026
Phishing TechniquesObfuscation

The number of known phishing kits doubled during 2025, reaching a significant increase in active use.

Barracuda1/13/2026
Phishing Kits

Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75–95% within the next 18 months

StrongestLayer1/13/2026
Email SecurityEmail Threats

DocuSign accounted for more than 20% of all advanced email attacks analyzed.

StrongestLayer1/13/2026
Email SecurityEmail Threats

In 2025, 'ClickFix' social engineering techniques were used in 1% of phishing attacks.

Barracuda1/13/2026
Phishing TechniquesSocial Engineering

100% of advanced email threats bypassed incumbent email security, including Microsoft E3/E5 and leading secure email gateways.

StrongestLayer1/13/2026
Email SecurityEmail Threats

In 2025, attacks bypassing multifactor authentication (MFA) were reported in 48% of phishing attacks.

Barracuda1/13/2026
MFAMFA Bypass

87 out of every 10,000 users clicked on a phishing link each month in 2025.

Netskope1/13/2026
Phishing LinksUser Behavior

77% of advanced email attacks failed SPF, DKIM, or DMARC authentication yet still reached inboxes.

StrongestLayer1/13/2026
Email SecurityEmail Threats

In 2025, the use of 'Blob URIs' was noted in 2% of phishing attacks.

Barracuda1/13/2026
Phishing Techniques

In 2025, the abuse of trusted, legitimate online platforms was noted in 10% of phishing attacks.

Barracuda1/13/2026
Phishing Techniques

89% of schools experienced at least one cyber incident in the past year, primarily phishing, unauthorized access, and malware.

Action11/1/2026
Cyber IncidentEducation

92% of school IT leaders expect AI-powered phishing to be the most dangerous threat in the coming year

Action11/1/2026
EducationIT Leadership

IT leaders estimate only 5% of known phishing attacks are reported by healthcare employees to their security teams.

Paubox12/14/2025
Email SecurityEmail Breach

In the last quarter, over 42,000 validated URLs and domains were identified as actively serving phishing kits, command-and-control infrastructure, or payload delivery.

SicuraNext12/6/2025
Phishing KitsComman and Control Infrastructure

Meta was mentioned 10,267 times, accounting for 42% of all brand impersonation tracked.

SicuraNext12/6/2025
MetaBrand Impersonation

72% of phishing domains in the dataset utilized obfuscation via legitimate services.

SicuraNext12/6/2025
Phishing Domains

68% of all phishing infrastructure tracked operates on Cloudflare as of the current year.

SicuraNext12/6/2025
Phishing InfrastructureCloudflare

11,324 phishing domains used the .com top-level domain, making it the most common among attackers.

SicuraNext12/6/2025
Phishing Domains

Over the past four months, 20 distinct phishing clusters were identified based on shared infrastructure fingerprints.

SicuraNext12/6/2025
Phishing Infrastructure