Get Started
Get Started

Phishing Statistics / Report

Key Takeaways

  • The FBI said phishing/spoofing was the top cybercrime by complaint volume in 2024.
  • In the FBI’s new 2025 Internet Crime Report, phishing/spoofing remained one of the most frequently reported complaint types, and total IC3 complaints rose to 1,008,597.
  • Verizon’s 2025 DBIR says human involvement appeared in 60% of breaches, showing why phishing and social engineering remain such durable attack methods.
  • Verizon also says that in basic web application breaches, about 88% involved stolen credentials, which is highly relevant because phishing is a major way credentials are stolen.
  • FTC and FBI data together suggest phishing is not just a nuisance problem. It is often the front door to broader fraud, account takeover, and financial loss. This is an inference based on the cited complaint and breach-pattern data.
  • Older adults remain especially exposed to phishing-related harm. The FBI said people over 60 suffered the most losses in 2024, at nearly $5 billion.

CORE STATISTICS

  • The FBI said the top three cybercrimes by number of complaints in 2024 were phishing/spoofing, extortion, and personal data breaches.
  • IC3 received 859,532 complaints in 2024 with losses of more than $16.6 billion.
  • IC3 received 1,008,597 complaints in 2025, averaging almost 3,000 complaints per day, and losses surpassed $20 billion.
  • In IC3’s 2025 report, phishing/spoofing complaints among adults 60+ totaled 48,064.
  • In that same 2025 IC3 report, adults 60+ reported about $77.0 million in phishing/spoofing losses.
  • Verizon’s 2025 DBIR says 60% of breaches involved a human element.
  • Verizon says roughly 88% of breaches in its basic web application attack pattern involved stolen credentials.

TRENDS & INSIGHTS

The clearest phishing trend is that phishing remains one of the most reliable ways for criminals to start an attack. FBI complaint data keeps putting phishing/spoofing at or near the top by volume, while Verizon’s breach data keeps pointing back to stolen credentials and human involvement. Taken together, that suggests phishing is still one of the simplest ways to move from contact to compromise.

Another important trend is that phishing is no longer limited to email. In practice, consumers now face phishing-style deception through texts, spoofed login pages, fake fraud alerts, social media messages, and voice calls. The FBI’s “phishing/spoofing” category and the FTC’s broader scam reporting both support this more blended view of phishing.

The data also suggests phishing is increasingly valuable because it can unlock multiple harms at once. A single successful phish may lead to credential theft, account takeover, financial fraud, or identity theft. That is an inference supported by the overlap between complaint data, fraud-loss data, and Verizon’s credential findings.

REAL-WORLD CONTEXT

For consumers, phishing usually does not look dramatic. It often looks like a routine security alert, a package notice, a password-reset request, a toll notice, or a message that claims there is suspicious activity on an account. That matters because phishing succeeds partly by blending in with normal digital life.

For adults 45–75, the practical problem is not just spotting a badly written scam email anymore. It is recognizing that a polished message can still be fake, especially when it creates urgency or appears to come from a trusted brand. That is a reasoned conclusion based on the current phishing, spoofing, and scam-loss data.

WHO IS MOST AT RISK

  • People who respond quickly to urgent account, payment, or security alerts.
  • Consumers who reuse passwords, making stolen credentials more damaging.
  • Adults over 60, who the FBI says suffered the highest total losses in 2024.
  • People who trust links, caller ID, or branded visuals without independently verifying them. This is an inference supported by phishing/spoofing complaint patterns and FTC scam data.

QUICK CHECKLIST (what this means)

  • Phishing is still one of the biggest cybercrime categories by volume.
  • Human behavior remains central to many breaches.
  • Stolen credentials are a major downstream result of phishing.
  • Phishing is now multi-channel, not just email-based.
  • Verification matters more than speed. This is an analytical conclusion from the cited evidence.

HOW TO STAY PROTECTED

  • Do not click links in unexpected account, payment, or delivery messages. Go to the site or app directly instead. FTC guidance around modern scam contact methods supports this habit.
  • Use unique passwords and turn on multi-factor authentication to reduce the impact of stolen credentials.
  • Be extra cautious with messages that create urgency, fear, or secrecy. Those patterns show up repeatedly in current scam and phishing data.
  • Talk with older family members about fake security alerts, login warnings, and spoofed messages. The FBI’s age-loss data supports that focus.

CITABLE STATEMENTS

  • The FBI said phishing/spoofing was the top cybercrime by complaint volume in 2024.
  • IC3 received 859,532 complaints in 2024 with losses of more than $16.6 billion.
  • In 2025, IC3 received 1,008,597 complaints and reported losses surpassed $20 billion.
  • Verizon’s 2025 DBIR says 60% of breaches involved a human element.
  • Verizon says about 88% of basic web application breaches involved stolen credentials.

SOURCES

  • FBI, Internet Crime Report 2024 press release.
  • FBI IC3, 2025 Internet Crime Report.
  • Verizon, 2025 Data Breach Investigations Report.
  • FTC, scam-loss and text-scam updates.
Family & Kid Safety
Online Privacy
Identity & Financial
Device Security
Why iDefend
Blog
Pricing
Log in
Get Started
idefend-solid