
10 Phishing Facts: Employee Behavior & Insider Risk

April 08, 2022

These Phishing Facts Illustrate the Dangers of Employee Mistakes


Phishing is one of the biggest threats that any organization faces today. An estimated 80% of companies say that they experienced an increase in the number of phishing attacks they faced in 2021, and no one expects that to slow down anytime soon. Because phishing is the precursor to damaging cyberattacks like business email compromise, ransomware and account takeover, a strong defense against phishing is a foundational element of any strong cyber defense. These phishing facts help illustrate the importance of building that defense.

That’s what makes employee behavior around phishing so critical to keeping organizations safe from cybercrime. Unfortunately, employee behavior can be unpredictable, and employees will inevitably make mistakes. Human errors, like an employee opening a dodgy email, are responsible for an estimated 90% of security breaches at organizations of every size according to IBM’s X-Force Threat Intelligence Index. Learning more about employee behavior and insider risk in relation to phishing can help keep organizations away from phishing trouble.




10 Phishing Facts About Dangerous Employee Behavior


  • One-fifth of employees in a study interacted with spurious emails.  
  • 45% of employees click emails they consider to be suspicious “just in case it’s important.”  
  • 1 in 3 employees are likely to click the links in phishing emails.    
  • 41% of employees failed to notice a phishing message because they were tired.    
  • 47% of workers cited distraction as the main factor in their failure to spot phishing attempts.  
  • 30% of phishing messages get opened by targeted users. 
  • 1 in 8 employees are likely to share information requested in a phishing email.      
  • 60% of employees opened emails they weren’t fully confident were safe.    
  • 45% of employees never report suspicious messages to IT for review.       
  • 97% of employees cannot spot a sophisticated phishing email. 



It’s a Sad but True Phishing Fact: Employees Encounter Brand Fraud and Spoofing Every Day


Every day, employees receive an ever-growing volume of email messages, and how those messages are handled can make or break a company’s security and its budget, especially when those messages are phishing attacks: an estimated 65% of insider threat incidents are caused by employee actions around phishing. Many of those email messages are supposedly from well-known brands. But not all of those messages are trustworthy.

Brand impersonation is a common cybercriminal tactic: 25% of all branded emails that companies receive are spoofed or brand impersonation attempts. Traditionally, Microsoft holds the top spot, but DHL surpassed it at the end of 2021. Microsoft came in at number two as the brand that cybercriminals mimicked in one-fifth of phishing schemes. Communication juggernaut WhatsApp came in third, with Google just on its heels. LinkedIn is still a cybercriminal go-to, but Facebook (now going by Meta) dropped out of the top 10 in 2021.

Phishing Facts: The 10 Most Impersonated Brands

  1. DHL 23%  
  2. Microsoft 20%  
  3. WhatsApp 11%  
  4. Google 10%  
  5. LinkedIn  8%  
  6. Amazon  4%  
  7. Roblox  3%  
  8. FedEx  3%  
  9. PayPal  2%  
  10. Apple  2% 



These Phishing Facts Show That Every Industry is At Risk of Trouble


Approximately 145 million people use Microsoft 365 every day. That’s a big reason why Microsoft is the perennial champion among brands imitated in malicious attachments. Employees handle a lot of Office files, giving cybercriminals plenty of openings to deploy ransomware or other dirty tricks. Just under 50% of malicious email attachments arrive in Microsoft Office formats. Microsoft Office formats like Word, PowerPoint and Excel are popular file types for cybercriminals to use when transmitting malware via email, accounting for 38% of phishing attacks. The next most popular delivery method is archived files such as .zip and .jar, which account for about 37% of malicious transmissions.

The Top 5 Sectors in Which Employees Are Likely to Interact with Phishing Messages   

  1. Consulting  
  2. Apparel and accessories  
  3. Education  
  4. Technology  
  5. Conglomerates/Multi-Nationals  

In which industries will cybercriminals find the people who are most likely to submit credentials or share information? These are the top 5 most vulnerable industries:   

The Top 5 Sectors in Which Phishing Leads to Credential Compromise  

  1. Apparel and accessories  
  2. Consulting  
  3. Securities and commodity exchanges  
  4. Education  
  5. Conglomerates/Multi-Nationals 



Website Categories Most Targeted by Phishing Attacks  

As a percentage of total recorded phishing attacks in Q1 2021

  1. Financial Services & Banking: 24.9%  
  2. Social Media: 23.6%  
  3. SaaS & Webmail: 19.6%  
  4. Payment: 8.5%  
  5. E-Commerce & Retail: 7.6%  
  6. Shipping & Logistics: 5.8%  
  7. Cryptocurrency: 2%  
  8. Other: 8% 

Where are the bad guys sending those messages inside an organization? A phishing study shows that the answer is: all over the place. No department is safe from the enticements of sophisticated phishing messages. Surprisingly, 75% of the respondents indicated that the targets of many phishing attempts were IT staffers themselves, who you’d think would be savvy to these attacks, yet 40% of those IT staffers fell for the bait.

Departments Most Likely to Be the Target of Phishing   

% of total attacks a business experiences

  1. IT = 75%   
  2. Sales = 35%
  3. Executives = 27%   
  4. Marketing = 25%   
  5. Customer Support = 21%  



It’s a Phishing Fact That It’s Growing More Expensive


Phishing volume reported to the U.S. Federal Bureau of Investigation’s Internet Crime Complaint Center (FBI IC3) grew a solid 29% in 2021, rising from 241,342 complaints in 2020 to 323,972 in 2021. Phishing has shown consistent growth year-on-year.

The cost of phishing is also constantly growing. The 2021 Ponemon Cost of Phishing Study shed light on the massive revenue hits that companies can suffer in the wake of a successful phishing attack. The biggest takeaway from this report is the colossal increase in the cost of a phishing attack for businesses. Researchers say that the cost of phishing attacks has almost quadrupled over the past six years, with large US companies losing an average of $14.8 million annually (or $1,500 per employee) to phishing. That’s without adding the expense of dealing with an incident investigation, regulatory penalties or ransoms (and paying ransoms can be illegal).   




Ransomware attacks commonly start with a phishing message. IC3 received 3,729 complaints identified as ransomware in 2021, a 51% increase over 2020’s 2,474. Those complaints also cost victims a lot more money than in previous years. Ransomware victims suffered losses of more than $49.2 million, a 69% increase over the $29,157,405 recorded in 2020.

By far the most financially damaging potential result of phishing is business email compromise (BEC). In fact, the FBI declared it 64x worse than ransomware for businesses. BEC losses grew 28% between 2020 and 2021, with the BEC/EAC category clocking in at a painful $2,395,953,296 in losses. That’s an average loss of $120,000 per victim, compared to last year’s $96,700 per victim. Investment scams rolled in second, up an astonishing 333% over 2020.

 Source: FBI IC3




This Phishing Fact is Also True: Security and Compliance Awareness Training Reduces the Risk of An Employee Falling for Phishing 


Security awareness training has a huge effect on employee behaviors around phishing, bringing businesses an array of powerful benefits that save money and reduce risk fast. 

Protect Your Organization from Phishing and Other Cyberattack Dangers with the ID Agent Digital Risk Protection Platform 

The innovative solutions in the ID Agent digital risk protection platform provide a powerful defense against cybercrime including phishing. 

Identity and Access Management 

Passly packs all of the features you need to provide strong, secure identity and access management into one affordable package. 

  • Two-Factor Authentication (2FA) is the most powerful weapon that you can deploy against cybercrime, blocking 99% of cyberattacks on its own. 
  • Single sign-on makes controlling permissions, onboarding and offboarding users a breeze while also speeding incident response times.
  • Secure shared password vaults centralize password storage in one secure repository.

Security and Compliance Awareness Training  

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size with an array of training options that enable you to provide the right training for each client’s individual business needs painlessly.   

  • A huge library of security and compliance training videos in 8 languages, with 4 new video lessons added each month
  • Plug-and-play or customizable phishing training campaign kits with new kits released regularly  
  • Easy, automated training delivery through individual user portals  

Dark Web Monitoring  

Dark Web ID makes it easy for you to offer your clients best-in-class protection from dark web credential compromise risk that could be a fast pass to a data breach. An estimated 60% of data breaches involved the improper use of credentials in 2021.   

  • 24/7/365 monitoring using real-time, analyst validated data   
  • Fast alerts to compromises of business and personal credentials, including domains, IP addresses and email addresses   
  • Channel-leading performance and innovation 

Schedule your demo of Passly, Dark Web ID and BullPhish ID now.   

Don’t just take our word for it, see what these customers have to say: https://www.idagent.com/case-studies/ 

