If you’re like 99% of email users, you check your inbox every single day.
But how much do you really know about the messages that come and go from your email account?
These mind-blowing email and phishing facts will make you think twice about opening that strange email — and show you the consequences of poor cybersecurity.
Email Usage Facts
1. A Total of 306 Billion Emails Are Sent Every Day…
Every 24 hours, the wires and waves that comprise the internet handle a staggering amount of data. Currently, daily global internet traffic clocks in at around 5.3 exabytes (PDF link) — that’s 5,690,831,667 gigabytes.
Included in that amount: some 306.4 billion emails (PDF link) as of 2020.
That’s a massive change from just 5 years ago, when 205.6 billion emails (PDF link) were sent per day.
2. Over 50% of the World’s Population Uses Email
Of the world’s 7.5 billion people, 4.3 billion are email users (PDF link).
That number is only going to get larger as more and more of the world gets connected to the internet. Tech consulting firm Radicati predicts that the number of email users will grow by around 3% a year through 2024.
3. The Average Business Email Account Receives 96 Emails Per Day…
Many people have separate work and personal email accounts for a very good reason: business-related emails are both numerous and neverending.
On average, a business email account receives 96 emails per day (PDF link) to its inbox.
Of those 96 emails, 77 of them are legitimate messages while the remaining 19 are spam. That’s nearly 20% of your business inbox that’s devoted to spam — and that figure doesn’t include messages that get caught by your spam filter.
4. …And Sends 30 Emails Per Day
At least some of that full inbox is your own doing: people need to reply to the emails you send. And if you’re like the average person, you probably send around 30 emails a day (PDF link) from your business email account.
Spam Email Facts
5. In 2008, Over 92% of All Email Was Spam…
If you were using email back in 2008, chances are that you dreaded opening your inbox because of all the spam.
And you weren’t alone: 92.6% of all email traffic in 2008 was spam.
6. …But in 2019, Spam Accounted for Just 28.5% of All Email
2008 may have been a dreadful year for email, but the tech industry stepped up to fix the problem.
By developing better spam filters and cracking down on suspected spammers, it was able to bring the global spam rate down to just 28.5% in 2019.
7. Only 2.5% of All Spam Is Related to Scams or Fraud
If there’s a bright side to the existence of spam, it’s probably this: the vast majority of it isn’t actively malicious.
Scams and fraud account for just 2.5% of all spam emails.
The rest of the spam consists mostly of 3 different subcategories: annoying ads (36% of spam emails), adult-related (31.7%) and unwanted financial emails (26.5%).
Email Crime and Phishing Facts
8. 3.4 Billion Fake Emails Are Sent Every Single Day…
That email you just received may not be from the sender you think it’s from.
A whopping 3.4 billion fake emails are sent worldwide every day. That means that impersonators account for around 1% of all emails.
These phishing emails use spoofed email addresses to appear as if they’re legitimate, fooling recipients into clicking on dangerous links or handing over sensitive information.
9. 80% of All Email Inboxes Are Protected Against Spoofing…
Email authentication technologies like DMARC (Domain-based Message Authentication, Reporting, and Conformance) are able to catch spoofed emails and prevent you from falling victim to them.
It’s very effective and widespread: around 80% of all email inboxes (business and personal) are protected with DMARC.
10. …But Only 20% of Businesses Take Action Against Fake Emails
Only around 20% of business inboxes use DMARC, leaving employees and sensitive business information vulnerable to phishing attacks.
The primary reason given for this low enforcement rate: DMARC is difficult to implement in large business networks, to the point that many companies have to hire costly outside contractors that specialize in DMARC implementation.
11. 86% of People Believe that They May Have Experienced a Phishing Attempt…
A survey by cybersecurity company Norton revealed just how widespread phishing is. 86% of respondents stated that they may have experienced a phishing incident.
12. …But Around 40% of People Can’t Distinguish a Phishing Email from a Real One…
That same Norton survey also revealed a sobering truth: around 40% of respondents could not reliably tell the difference between a phishing email and a legitimate one.
Around 30% of the respondents simply did not detect a phishing email, while another 13% had to guess whether or not an email was a phishing attempt.
13. …And 97% of People Can’t Detect Sophisticated Phishing Emails
Luckily, many phishing emails are poorly written or lazily put together, making it easier to detect them.
But phishers who are skilled enough to put together more believable emails are on the rise. And that’s bad news for the rest of us: 97% of people cannot detect sophisticated phishing emails.
14. 73% of All Scam or Fraud-Related Emails Are Phishing Attempts
Digital identity theft (aka phishing) is the preferred modus operandi for email scammers. Phishing accounts for 73% of all fraudulent or scam emails.
And there’s a good reason for that: it’s incredibly effective, as we’re about to see.
Consequences of Phishing
15. Over 20% of All Data Breaches in 2020 Were the Result of Phishing
In 2020, phishing was responsible for more successful data breaches than any other tactic. Over 20% of all data breaches were the result of phishing — more than hacking, malware, errors and physical breaches.
And around 15% of all attempted breaches (successful or not) involved phishing, putting it at a distant second behind hacking (which accounted for nearly 60% of all attempts).
16. 88% of Organizations Have Been Targeted by Spear Phishing Attacks…
Spear phishing is a type of phishing that targets specific individuals.
According to cybersecurity consulting firm Proofpoint, 88% of organizations (PDF link) were attacked by spear phishers in 2019.
And 55% of organizations experienced successful phishing attacks, with nearly 55% of victims suffering data loss and around 35% suffering financial loss or wire fraud as a result.
17. …And A Third of Them Have Been Victims of Whaling
Whaling is a type of spear phishing that targets high-level executives such as CEOs, COOs and CFOs.
By impersonating these important individuals, phishers can trick lower-level employees into handing over financial records, tax documents and highly sensitive information.
Cybersecurity firm Red River reports that one third of organizations have experienced whaling attacks.
18. Spear Phishing Costs Businesses an Average of $1.6 Million Per Attack
A successful spear phishing attack can bankrupt a business.
On average, a spear phishing attack costs an organization $1.6 million. This includes any money stolen by the phisher as well as the costs needed to recover from the attack.
The Future of Phishing
19. Around 500,000 Unique Phishing Email Campaigns Are Active Each Year
Each quarter, the Anti-Phishing Working Group collects around 125,000 reports of unique phishing email campaigns (each phishing email subject line is considered a single campaign).
20. 83% of Phishing Emails Now Involve Brand Impersonation
Impersonating a trusted brand is one of the oldest tricks in the phishing playbook, and it’s only getting more popular.
83% of all phishing emails are designed to impersonate well-known brands and companies.
And 32% of these brand-impersonating phishers pretend to be Microsoft. 21% impersonate Apple and 8% each impersonate DocuSign and Chase.
21. Nearly 80% of Phishing Websites Now Use SSL Encryption
Previously, it was easy to identify phishing emails because the sites they linked to were unsecured. Your browser would alert you to the lack of SSL encryption, tipping you off to the fake nature of the message.
But that’s no longer a reliable way to detect phishing attempts. 77.6% of phishing websites (PDF link) are now secured with SSL, just like the legitimate websites you use every day.
Phishers are making use of free SSL certificates to “secure” their own websites, but they’re also hacking into existing websites that use SSL and planting their phishing files there.
Since February 2020, when the coronavirus pandemic began to spread, phishing attempts have increased by 600%, cementing their status as the most popular attack vector for cybercriminals.
The figure encompasses all phishing attempts, whether directed at individuals or businesses.