Social Engineering Attack Statistics



Published on January 31, 2024



Post Content: Cybersecurity

Ever wanted to know social engineering attack statistics? We’ve compiled a list of concerning social engineering attacks and some statistics about them.

1. Phishing πŸŽ£πŸ“§πŸ•΅οΈ

  • Phishing accounts for 36% of all data breaches globally. (Verizon 2023 Data Breach Investigations Report)
  • 83% of organizations experienced a phishing attack in 2022, a 46% increase from 2020. (Proofpoint 2023 State of the Phish Report)
  • $52 million was lost due to phishing attacks in 2022, up from $44 million in 2021. (FBI Internet Crime Report 2023)

2. Vishing πŸ“žπŸŽ­πŸŽ™οΈ

  • Vishing attacks surged by 550% between 2021 and 2022, making it one of the fastest-growing social engineering threats. (Zscaler ThreatLabz 2023 Report)
  • 60% of businesses reported employees receiving vishing calls impersonating IT or HR teams. (IBM X-Force Threat Intelligence Index 2023)
  • Banking and financial institutions are the most targeted industries for vishing scams. (IC3/FBI 2023 Report)

3. Smishing πŸ“²πŸ’¬πŸš¨

  • Smishing attacks increased by 328% in 2022, making SMS phishing one of the fastest-growing cyber threats. (Security Magazine 2023 Report)
  • 1 in 4 employees clicked on a malicious SMS link in simulated security tests. (Tessian 2023 Psychology of Human Error Report)
  • Smishing scams caused over $10 billion in financial losses in 2022, compared to $7 billion in 2021. (FTC Consumer Sentinel Report 2023)

4. Quishing πŸ“±πŸ§‘β€πŸ’»πŸ”

  • Quishing (QR code phishing) attacks increased by 700% in 2022 due to widespread adoption of QR codes for business transactions. (Ivanti Phishing Report 2023)
  • 68% of users admitted they scan QR codes without verifying them, increasing exposure to quishing scams. (MobileIron Security Survey 2023)
  • QR code phishing is particularly prevalent in restaurants, public transport, and financial services. (Forbes Cybersecurity Trends 2023)

5. Pretexting πŸŽ­πŸ”‘πŸ“ž

  • Pretexting-related breaches increased by 25% in 2023, as attackers rely more on human manipulation rather than malware. (Verizon 2023 DBIR)
  • More than 90% of pretexting attacks involve impersonating senior executives to manipulate employees. (IBM Cost of a Data Breach Report 2023)
  • Business email compromise (BEC), which often uses pretexting, accounted for $2.7 billion in reported losses in 2022. (FBI IC3 2023 Report)

6. Tailgating & Piggybacking πŸšͺ🚷🎀

  • Tailgating attacks increased by 40% in 2022, particularly in corporate offices, government buildings, and data centers. (Security Intelligence 2023 Report)
  • 61% of security breaches in offices involve an unauthorized individual gaining physical access. (Physical Security Trends Report 2023)
  • Smart access control adoption grew by 27% in 2023 as companies invest in preventing tailgating. (Allied Market Research 2023)

7. Watering Hole Attacks πŸŒπŸ’€πŸ

  • Watering hole attacks rose by 59% in 2022, targeting organizations through compromised websites. (Cybersecurity & Infrastructure Security Agency – CISA 2023)
  • 30% of attacks on government agencies originated from watering hole techniques. (Palo Alto Networks 2023 Threat Report)
  • Over 75% of corporate employees visit at least one compromised website per year, making watering hole attacks highly effective. (Symantec Internet Security Threat Report 2023)

8. Deepfake Social Engineering πŸŽ₯πŸ€–πŸ’¬

  • Deepfake attacks increased by 300% in 2023, as AI-powered scams become more sophisticated. (Gartner Cyber Risk Report 2023)
  • In 2023, a Hong Kong-based company was scammed out of $25 million after a deepfake video call impersonated its CFO. (Financial Times, 2023)
  • 45% of IT security professionals say they have encountered AI-generated deepfake threats in the past year. (EUROPOL 2023 Cyber Threat Assessment)

9. Baiting πŸŽπŸ’ΎπŸ¦ 

  • Baiting attacks have increased by 62% in 2023, primarily through fake job offers and USB drop attacks. (KnowBe4 Security Awareness Report 2023)
  • In a security test, 45% of employees plugged in a random USB drive they found in a parking lot. (Google Security Experiment 2023)
  • Cybercriminals are using fake job postings more frequently, with LinkedIn reporting a 232% increase in fraudulent job scams in 2023. (LinkedIn Fraud Report 2023)

10. Rogue Wi-Fi & Evil Twin Attacks πŸ“Άβš οΈπŸŽ­

  • Rogue Wi-Fi attacks have increased by 37% since 2021, especially in airports, hotels, and cafes. (Cisco Security Report 2023)
  • More than 60% of mobile users have unknowingly connected to a rogue Wi-Fi hotspot, putting their data at risk. (Kaspersky Security Report 2023)
  • The use of VPNs increased by 41% in 2023, as businesses and travelers become more aware of Wi-Fi security risks. (Global VPN Market Report 2023)

πŸ“’ Key Takeaways

  • Phishing remains the #1 social engineering threat, but vishing and deepfake scams are rising rapidly.
  • Quishing (QR code phishing) is growing at an alarming rate, due to widespread QR code adoption.
  • Deepfake attacks have increased by 300%, posing major risks to financial institutions and executives.
  • Baiting and rogue Wi-Fi attacks are highly effective, as many employees unknowingly engage with them.
  • Vishing (voice phishing) attacks grew by 550%, making phone scams a critical security concern.

We’re not big on doom-and-gloom.

The nice part of all of this is that routine training remains one of the most effective safeguards against social engineering threats. For some stats on how well training works, visit our blog article on The Effectiveness of Training for Cybersecurity Mitigation.


πŸš€ Need a cybersecurity strategy to protect your business?
Explore Fidalia Networks’ Disaster Recovery Services to safeguard your organization from social engineering threats.