Security & Privacy
How many phishing emails are sent worldwide right now? (Live Counter)
A live count of fraudulent emails launched worldwide right now
Roughly 41K emails every second.
Source: Symantec ISTR 2024; APWG quarterly phishing reports. View on dashboard →
What is a phishing email?
Phishing is a type of cyberattack where criminals send fraudulent electronic messages, most commonly emails, that impersonate trusted entities such as banks, technology companies, or government agencies. The goal is to trick recipients into revealing sensitive information (passwords, credit card numbers, personal data) or installing malware. Unlike brute-force hacking, phishing exploits human psychology rather than technical vulnerabilities. Modern phishing campaigns are increasingly automated and AI-generated, allowing attackers to launch millions of highly convincing, personalised attacks per day at near-zero cost.
The numbers behind 3.4 billion daily attacks
3.4 billion phishing emails are sent every single day, more than 39,000 every second
APWG82.6% of phishing emails analysed in late 2024-early 2025 contained AI-generated content
APWGPhishing attacks grew 5,753% between Q4 2004 and Q4 2016 alone
APWG36% of all data breaches involve phishing as the initial intrusion vector (Verizon DBIR 2024)
VerizonOver 84% of phishing sites use HTTPS/SSL, making them appear legitimate to casual inspection
APWGThe average user receives 16 phishing emails per month
APWGPhishing-as-a-Service (PhaaS) kits are available for as little as $50/month on the dark web
APWGAPWG Q1 2025: 1,003,924 phishing attacks, largest quarterly count since late 2023; QR-code phishing spiked sharply
APWGWire-transfer BEC fraud increased 136% from Q3 to Q4 2025, the sharpest single-quarter jump on record (APWG Q4 2025)
APWGWhat this means for you
In the time it takes to read this page (roughly 4 minutes), an estimated 840 million phishing emails will have been sent worldwide. That is not a rounding error. It is the scale of a fully industrialised criminal infrastructure.
Statistically, 1 in every 99 emails in a typical inbox is a phishing attempt. If you receive 100 work emails per day, that is roughly one phishing email landing in your inbox every single day, not in your spam folder but your inbox.
The most effective attacks today are spear-phishing, targeted emails that reference your name, company, or recent activity. They are not written by a person; they are generated by AI in milliseconds, at a cost close to zero. Recognising the pattern (unexpected urgency, unfamiliar sender domain, a link that “just needs your login”) is now a practical survival skill.
Phishing emails sent vs. online scam victims, today
Billions of phishing emails go out every day. A small fraction succeed, but that fraction still adds up to millions of victims annually.
How the phishing industry scaled: 2010-2025
Phishing email volumes have grown from hundreds of millions per day in the early 2000s to over 3.4 billion per day in 2024, as Phishing-as-a-Service platforms and AI made launching targeted attacks nearly free.
Phishing emails per day, relative growth
Trend and forecast to 2027, based on APWG growth trajectory
Detailed breakdown by year
| Year | Rate | Est. per day | Context |
|---|---|---|---|
| 2010 | 17K/sec | 1.4B | Spear-phishing emerges |
| 2015 | 22K/sec | 1.9B | Financial sector primary target |
| 2018 | 29K/sec | 2.5B | SSL-enabled phishing sites rise |
| 2020 | 34K/sec | 3.0B | COVID-19 lure campaigns dominate |
| 2021 | 32K/sec | 2.7B | - |
| 2022 | 35K/sec | 3.0B | Rising |
| 2023-2024 | 39K/sec | 3.4B | AI-driven content; PhaaS expansion |
| 2025 | 41K/sec | 3.5B | QR-code phishing surges; BEC wire-transfer fraud spikes; smishing grows |
| 2027 (forecast) | 51K/sec | 4.4B | AI-personalised attacks; PhaaS scale |
When phishing became an industry
- 2004APWG begins systematic monthly tracking of phishing activity; Q4 average: 1,609 attacks/month
- 2007China overtakes the US as the top country hosting phishing websites
- 2009New all-time record: 56,362 unique phishing sites detected in a single month (August 2009)
- 20161.2 million phishing attacks in a single year, highest recorded at the time; 5,753% growth since Q4 2004
- 2020Phishing attacks double year-over-year for the first time; October 2020 breaks all monthly records
- 2022First year to exceed 4.7 million phishing attacks; Phishing-as-a-Service (PhaaS) becomes mainstream
- 2023Nearly 5 million attacks, worst year on record; QR-code phishing (quishing) surges
- 2024Over 82% of phishing emails contain AI-generated content; AI-assisted personalised attacks dominate
Phishing: the industrialisation of deception
What is phishing?
Phishing is a social engineering attack that uses deceptive electronic messages, overwhelmingly email, to manipulate people into compromising their own security. Attackers impersonate banks, online services, government agencies, or colleagues to create urgency and bypass critical thinking. The term comes from "fishing," reflecting the use of bait to lure victims. Spear-phishing targets specific individuals using personalised information, while "whaling" targets executives. Modern phishing uses AI to generate grammatically perfect, contextually relevant messages at industrial scale.
Scale and growth
The Anti-Phishing Working Group (APWG) has tracked phishing since 2004, when monthly attack volumes were in the thousands. By 2016, annual attacks exceeded 1.2 million. By 2023, nearly 5 million unique phishing campaigns were recorded in a single year, a 5,700% increase over nineteen years. The total volume of phishing emails (including the mass-mailing of known campaigns) runs to approximately 3.4 billion per day, or roughly 39,000 per second.
The AI inflection point
From late 2024, AI-assisted phishing became the dominant method. Analysis of phishing emails in the period September 2024 - February 2025 found that 82.6% contained AI-generated content (APWG Q4 2024). AI tools allow criminal groups to create highly convincing, multi-language, personalised phishing campaigns in minutes, bypassing traditional signature-based detection. Phishing-as-a-Service (PhaaS) kits that include AI-powered content generation are available on the dark web for as little as $50/month.
Who is targeted?
Financial services consistently represent the largest proportion of phishing targets, approximately 30% of attacks as of 2024. SaaS platforms and webmail services (Gmail, Microsoft 365) follow closely, as compromised credentials provide access to entire organisational environments. Cryptocurrency exchanges have grown dramatically as targets since 2021. In 2023, the cryptocurrency sector accounted for 88% of all deepfake fraud cases catalogued by Sumsub, reflecting the convergence of phishing and synthetic media tactics.
Financial impact
Phishing is one of the most economically damaging cyberattack categories. The Verizon DBIR 2024 identifies phishing as the initial access vector in 36% of confirmed data breaches. IBM's Cost of a Data Breach report places the average total cost of a phishing-enabled breach at $4.76 million. Business Email Compromise (BEC) attacks, a form of highly targeted phishing, cost US organisations $2.9 billion in 2023 alone (FBI IC3).
What 3.4 billion emails a day actually means
At 39,000/sec, every person on Earth receives a phishing email roughly every 4.5 minutes
The daily phishing email volume of 3.4 billion exceeds the number of people with email accounts (4.3 billion), nearly one per person per day
If every phishing email were a single sheet of paper, the annual stack would reach from Earth to the Moon and back 470 times
What security researchers have found
The following data points come from security industry reports and academic research on phishing volume, impact, and trends.
| Year | Finding | Value | Source |
|---|---|---|---|
| 2004 | APWG begins systematic monitoring of unique phishing campaigns/sites (trend proxy for email volume); Q4 2004: ~1,609 campaigns/month. Email volume estimates not yet available. | 19K unique phishing campaigns/year (APWG trend proxy) | APWG |
| 2007 | APWG: 23,917 unique phishing reports and 30,999 unique phishing sites in July 2007; China surpasses US as top hosting nation. Campaign counts track the trend in email blast volume. | 24K unique phishing campaigns (single month, APWG trend proxy) | APWG |
| 2016 | APWG: 1,220,523 unique phishing campaigns/year, 65% increase over 2015. Each campaign typically generates millions of emails; this trend underpins the email volume estimate. | 1M unique phishing campaigns/year (APWG trend proxy) | APWG |
| 2020 | APWG: 1,845,814 unique phishing campaigns, doubled from 2019; COVID-related lures drive surge in email blasts | 2M unique phishing campaigns/year (APWG trend proxy) | APWG |
| 2022 | APWG: 4.7 million unique phishing campaigns recorded; Phishing-as-a-Service makes launching email blasts trivial | 5M unique phishing campaigns/year (APWG trend proxy) | APWG |
| 2024 | APWG: ~4.8 million unique phishing campaigns; 82.6% of analysed phishing emails contained AI-generated content; live counter based on Symantec estimate of ~3.4B emails/day from these campaigns | 5M unique phishing campaigns/year (APWG trend proxy) | APWG |
| 2025 | APWG Q1 2025: 1,003,924 phishing attacks, the highest quarterly count since late 2023; QR-code phishing (quishing) spiked sharply; BEC wire-transfer fraud up 33% vs Q4 2024 | 1M unique phishing attacks in Q1 2025 (APWG) | APWG |
| 2025 | APWG Q4 2025: 853,244 attacks; wire-transfer BEC up 136% vs Q3 2025; SMS phishing (smishing) usage continued rising throughout 2025; full-year 2025 attacks estimated at ~3.7 million unique campaigns | 853K unique phishing attacks in Q4 2025 (APWG) | APWG |
Frequently asked questions
- How many phishing emails are sent per day?
- Estimates place phishing email volume at approximately 3.4 billion per day globally as of 2024. This figure represents emails specifically designed to deceive recipients, based on security industry analysis of global email traffic patterns.
- What percentage of emails are phishing?
- Roughly 1-3% of all global email traffic is classified as phishing. With approximately 350 billion total emails sent daily in 2024, that equates to 3.5-10 billion phishing attempts daily.
- How has phishing changed over time?
- Phishing attacks have grown roughly 5,700% from Q4 2004 to 2023, driven by increasingly professional cybercriminal organisations, Phishing-as-a-Service (PhaaS) platforms, and AI-generated content. Modern phishing emails are often indistinguishable from legitimate communications.
- What are the most targeted industries?
- Financial services consistently account for the largest share of phishing targets (around 30%), followed by SaaS/webmail platforms (25%), e-commerce/retail (15%), and social media (10%). The cryptocurrency sector is increasingly targeted.
- What is the average cost of a phishing attack?
- According to IBM and Verizon DBIR 2024, the average cost of a data breach involving phishing is approximately $4.76 million, factoring in detection, response, legal, and reputational costs.
How the number is calculated
The 2025 live rate of ~40,509/sec is based on APWG Q1 2025 and Q4 2025 campaign trajectory, extrapolated to approximately 3.5 billion phishing emails per day. 3,500,000,000 ÷ 86,400 seconds = 40,509/sec. The 2024 baseline (Symantec/APWG) was ~3.4B/day (39,351/sec); APWG Q1 2025 showed +QR-code and BEC surges consistent with a ~3% volume increase. Phishing volume fluctuates seasonally; Q4 holiday peaks are roughly 30% above the annual average. The rate includes spear-phishing (targeted) and mass-blast campaigns.
Sources used: APWG Phishing Activity Trends Reports (Archive 2004-2023) - APWG Phishing Activity Trends Report Q4 2024 - APWG Phishing Activity Trends Report Q1 2025 - APWG Phishing Activity Trends Report Q4 2025. Full methodology: methodology page.
Why trust this phishing data
The 3.4 billion figure comes from Symantec's Internet Security Threat Report 2024 and is corroborated by APWG (Anti-Phishing Working Group) quarterly reports. Symantec monitors over 175 million endpoints globally. APWG tracks unique phishing sites and attack brands, providing the most granular public dataset on phishing activity. Both are widely cited by CISA, FBI, and national CERTs.
Sources
APWG Phishing Activity Trends Reports (Archive 2004-2023) - APWG Phishing Activity Trends Report Q4 2024 - APWG Phishing Activity Trends Report Q1 2025 - APWG Phishing Activity Trends Report Q4 2025. Full methodology: methodology page.
Explore related statistics: Online scam victims - Romance scam money lost - Cyberbullying victims, and the live AnythingCounter dashboard.