16 December 2021 / Elaboration

2021 Phishing Intelligence Report: Phishing in 2021

Phished announces the results of its 2021 Phishing Intelligence Report. The report, which analysed data from more than 100 million phishing simulations across thousands of organisations all over the world, revealed that globally, almost a quarter (22%) of employees are likely to expose their organisation to the risk of cyber-attack via a successful phishing attempt.


Analysis of the broad and diverse data set reveals how vulnerable the average employee is to phishing attacks and offers insight into key trends, including which topics lead to the most successful phishing attacks and which message formats are most likely to trick employees.

The data shows that of employees who open a phishing message, more than half (53%) are likely to click a malicious link contained within it. When asked to disclose data, for example on a spoofed login page, almost a quarter (23%) of recipients enter their data. If a message contains an attachment, 7% of all recipients will download and open it.

"Although these figures already point to a systematic problem among the working population, perhaps most concerning is the fact that no less than 7% of all employees open a suspicious email attachment. While phishing – usually – requires an extra step before the real damage is done, a malicious attachment can have serious consequences immediately," said Arnout Van de Meulebroucke, CEO of Phished.

Public v Private Sector Phishing

The 2021 Phishing Intelligence Report, which analysed simulation data from both private and public sector organisations, found that employees in the public sector are 3% more likely than those in private sector organisations to fall victim of a successful phishing attempt. UK public sector employees were slightly less susceptible (2.5%) to phishing attempts than the global 3% average.

Although these figures already point to a systematic problem among the working population, perhaps most concerning is the fact that no less than 7% of all employees open a suspicious email attachment.

Most successful phishing topics

Globally, COVID-19 related topics most often led to successful phishing attacks in 2021. This included messages around working from home, Coronavirus testing facilities and vaccinations, with fake news and misinformation campaigns fuelling malicious actors to tap into the general anxiety about the risks of vaccines and side-effects. After this, phishing messages around the technology and IT associated with home working were most successful in encouraging employees to click links and reveal data. This included messages around popular collaboration platforms, as well as technical support for passwords and virtual private networks (VPNs).

COVID-19 messages were also the most likely to fool recipients in the UK. However, in contrast to other countries, UK employees were almost as likely to be successfully phished via messages about orders, deliveries and shipments. HR-related topics, for example those relating to fines, dismissal, holidays or sensitive content, were also more likely to fool UK employees than IT-related messages.

Phished has drawn a number of conclusions from the 2021 Phishing Intelligence Report:

  • The data demonstrates that phishing remains a key attack vector for cybercriminals looking to target both private and public sector organisations worldwide. 2021 created a perfect cybersecurity storm, with attackers taking advantage of increased government communication around the COVID-19 crisis while phishing messages themselves become more convincing. Employees – anxious about the global health crisis – are struggling to distinguish these messages from legitimate communications.
  • The shift to home working has created greater risk, with many employees using their smartphones to open emails. Smartphones generally make it more difficult to recognise the origin of a potential email and mean employees are significantly more susceptible to phishing.
  • In 2022 we are likely to see this trend continue, as cybercriminals become increasingly sophisticated in their attacks. COVID-19 will continue to be a popular topic for attackers in 2022, but there are a number of new trends emerging.
  • Unwanted calendar invitations, where attackers spam your calendar with meeting invites, are becoming increasingly common, while QR code-based fraud is also something Phished expects to see more of in the new year.
  • Perhaps most concerning is the potential for deep fakes to make phishing more convincing and open up voice as a new vector for attacks.

“The task for the coming year is clear: organisations must focus explicitly on awareness among their employees. In recent years, the volume of phishing attacks has increased exponentially and without a radical countermovement, these campaigns will continue to claim more victims, resulting in major losses for organisations. A one-off workshop does not help against phishing. People need thorough, repeated training to help them recognise increasingly sophisticated phishing messages,” concludes Van de Meulebroucke.