71.10% | Global spam email as percent of total email in April 2014 |
48.16% | Global spam volume as percent of total email in March 2018 |
52% | Percentage of participants in a recent survey who said spam was a major problem |
14.5 billion | Spam emails that are sent every day |
1 | USA’s rank when it comes to global spam email generation |
2 | South Korea’s rank when it comes to global spam email generation |
36% | Advertising spam’s contribution to overall spam count |
31.70% | Adult spam’s contribution to overall spam count |
26.50% | Financial spam as percent of overall spam |
2.50% | Scams and fraud as percent of overall spam |
73% | Identity fraud as percent of overall scam and fraud email |
52% | Companies in a survey that listed minimizing spam as top priority |
2.4 billion | Spam emails blocked by MSN every day |
$20.5 billion | Annual cost to productivity due to spam |
$1,934 | Productivity cost per employee |
12.5 million | Average number of spams sent for every one response |
$3.5 million | Money that spammers earn annually |
4 | Number of times spam increased in 2016 |
1 in 131 | Emails that contained a malware in 2016 |
60% | Malware that was packaged in JavaScript attachments |
26% | Malware that was embedded in malicious macros enabled MS Office documents |
26% | The percentage of malware attachments that were disguised as invoices |
13% | The percentage of malware attachments that were disguised as documents |
10% | The percentage of malware attachments that were disguised as mail delivery failure |
25% | Percentage of phishing emails targeting the theft of Apple IDs |
17% | Percentage of phishing emails targeting the theft of Microsoft OWAs |
10.50% | Percentage of phishing emails targeting the theft of Paypal |
13.60% | The clickthorugh rate (CTR) of large phishing campaigns targeting the theft of Dropbox ID |
12.80% | The clickthorugh rate (CTR) of large phishing campaigns targeting the theft of Adobe accounts |
0.80% | The clickthorugh rate (CTR) of large phishing campaigns targeting the theft of Paypal IDs |
78.60% | The clickthorugh rate (CTR) of small phishing campaigns (less than 100 messages) targeting local postal service |
25.10% | The clickthorugh rate (CTR) of small phishing campaigns (less than 100 messages) targeting WeTransfer |
400 | Number of businesses targeted by BEC (Business Email Compromise) attacks every day |
$5 billion | Loss due to BEC scams between October 2013 and December 2016 |
45% | Increase in BEC attacks in Q4 2016 |
870% | Increase in W2 phishing emails in 2017 |
76% | Organizations that were a victim of phishing in 2016 |
52% | Successful email attacks where victims click within one hour |
30% | Successful email attacks where victims click within 10 minutes |
76% | The number of breaches that were financially motivated |
12% | State affiliated actors involved in attacks |
28% | Cyberattacks that were perpetrated by insiders |
17% | Data breaches due to employee errors (like failure to shred confidential information) |
123456 | The most common password making people vulnerable to cybercrime |
4% | Percentage of people who will click on any given phishing campaign |
78% | Percentage of people who won’t click on any phishing campaign all year |
16 minutes | Time until the first click on a phishing campaign |
28 minutes | Time until a report from a savvy user |
39% | Ransomware as a percentage of all malware |
536 | The number of breaches in the healthcare industry |
338 | The number of breaches in the accommodation industry |
68% | Percentage of breaches that took months to discover |
3% | Percentage of breaches that were uncovered in minutes |
60%-70% | Spam emails that made use of malicious URLs independently or with attachments |
56% | Percentage of BEC attacks executed through reply-to spoofing |
43% | Percentage of BEC attacks executed through display name spoofing |
33% | Percentage of malicious emails that had banking trojans |
16000 | Number of publishers who offered malicious apps through vendor-sanctioned and third party app stores |
167% | Growth in angler phishing (or social media support phishing) |
20% | Decrease in malicious URLs distributed through social media |
16.25% | Percentage of spam mails targeting Germany (the most in the world) |
29.02% | Percentage of users in Brazil affected by phishing (the most in the world) |
11% | Percentage of Canadian digital marketers who felt the government’s anti-spam regulation had a dramatic impact on their email marketing campaigns |
49% | Percentage of Canadian digital marketers who felt the government’s anti-spam regulation had no impact on their email marketing campaigns |
9.9 million | Twitter accounts identified as spammy in May 2018 |
214% | Year on year Increase in the number of Twitter accounts being removed for spam violations |
17000 | Number of times tweets were reported for spam every day in May 2018 |
142,000 | Number of apps using Twitter API that were suspended for spam in Q1 2018 |
10.80% | Organizational susceptibility rate to attacks |
97% | Consumers who could not correctly identify a phishing scam email in 2015 |
45% | Percent of survey respondents who received phishing via phone calls and SMS |
3% | Percent of survey respondents who experienced a USB-based social engineering attack |
53% | Information Security professionals who experienced spear phishing attacks (messages sent from known or trusted senders) in 2017 |
67% | Percentage of spear phishing victims who experienced under 5 attacks per quarter |
8% | Percentage of spear phishing victims who experienced 26 or more attacks per quarter |
9% | Average click through rate across all simulated attacks |
64% | Organizations that measure the cost of phishing via loss of productivity among employees |
97% | Organizations that protect against breaches with email spam filters |
47% | Organizations that protect against breaches with advanced malware analysis tools |
44% | Organizations that protect against security breaches with outbound proxy protection |
31% | Organizations that protect against security breaches with URL wrapping |
95% | Organizations that train end users to identify phishing emails in 2017 |
54% | Information Security professionals who believe training helps reduce phishing susceptibility |
79% | Organizations that used computer based awareness training programs to train users on security |
68% | Organizations that used phishing simulation exercises to train users on security |
35% | Organizations that train users on phishing and security on a monthly basis |
25% | Infosec professionals who remove users’ access to system on account of repeatedly falling for phishing attacks |
5% | Infosec professionals who charge a monetary penalty from users on account of repeatedly falling for phishing attacks |
11% | Infosec professionals who terminate users on account of repeatedly falling for phishing attacks |
57% vs. 36% | Organizations in the US vs. the UK who experienced spear phishing campaigns in 2017 |
14% vs. 5% | Organization in the US vs. the UK who experienced data loss due to phishing in 2017 |
86% vs. 53% | Organizations in the US vs. the UK who assess their susceptibility to phishing attacks |
72% | Adults aged 55 and over who were able to successfully recognize phishing |
61% | Adults aged 18-29 years who were able to successfully recognize phishing |
9% | Average click-through rate for smishing (phishing over SMS) tests |
86% | Percentage of phishing attacks targeting people in the United States |
16.10% | Percentage of phishing attacks targeting payment services industry |
26.10% | Percentage of phishing attacks targeting email and online services |
2.30% | Percentage of phishing attacks targeting people in China |
0.50% | Percentage of phishing attacks targeting people in India |
80% | The percentage drop in phishing attacks targeting British organizations between 2014 and 2018 |
33% | Percentage of phishing attacks carried out through sites hosted on a HTTPS server |
19% | People polled in a survey who believed a green lock against a website in the browser meant that the website is safe |
56% | Percentage of phishing sites hosted in the United States |
121% | Percentage annual growth in the number of phishing sites hosted in India in 2017 |
1.50% | Percentage of phishing sites that were hosted on a .TK domain |
37% | Phishing sites that were hosted on a country TLD (ccTLD) |
Sources:
https://www.statista.com/statistics/420391/spam-email-traffic-share/
https://www.spamlaws.com/spam-stats.html
https://www.propellercrm.com/blog/email-spam-statistics
http://www.techradar.com/news/internet/computing/spam-gets-1-response-per-12-500-000-emails-483381
https://blog.barkly.com/phishing-statistics-2017
https://www.proofpoint.com/us/human-factor-2018?action
http://www.verizonenterprise.com/verizon-insights-lab/dbir/
https://www.proofpoint.com/sites/default/files/pfpt-us-tr-q117-threat-report.pdf
https://usa.kaspersky.com/about/press-releases/2018_fifa-2018-and-bitcoin-among-2017-most-luring-topics
https://blog.twitter.com/official/en_us/topics/company/2018/how-twitter-is-fighting-spam-and-malicious-automation.html
https://info.wombatsecurity.com/hubfs/2018%20State%20of%20the%20Phish/Wombat-StateofPhish2018.pdf?submissionGuid=2ecea77c-aa0d-404a-b0f4-030732e60a3a
https://info.phishlabs.com/hubfs/2018%20PTI%20Report/PhishLabs%20Trend%20Report_2018-digital.pdf