Why Phishing Is Painful for Consumers (2025)
Phishing is a type of online fraud (cyberattack) that deceives individuals into revealing sensitive information. It began in the mid-1990s when attackers posed as service representatives in emails to trick users into providing their passwords. Not much has changed in the last 30 years, except for the sophistication of these scammers.
Every day, billions of fraudulent messages are sent by phishers to trick unsuspecting consumers into divulging sensitive information, like their banking password. Attackers have gone beyond email, and now use social media, phone texts, voice calls, QR codes and more. Tactics have also become more sophisticated, with attackers learning about consumer online habits and messaging them accordingly to be more convincing. AI tools have taken things up a notch, with over 80% of phishing emails now being generated with AI help to be more targeted.
Here are some facts that highlight the pain inflicted by phishing on consumers.
Staggering Financial Toll
- In 2024, U.S. consumers lost over $12.5 billion to fraud, a 25% increase over 2023; imposter scams alone accounted for $2.95 billion in losses, and email remained the most common initial contact method (WIRED, Federal Trade Commission).
- Cyber scams across all contact channels in the U.S. totaled $16 billion in 2024, a 33% rise, with phishing/spoofing generating around 193,000 complaints (New York Post).
- Globally, phishing is projected to cost victims up to $250 billion in 2024, reflecting dramatic expansion in scale and impact (sslinsights.com).
Escalating Sophistication & Reach
- Consumers receive over 3.4 billion phishing emails per day, making up about 1.2% of global email traffic; phishing is involved in 36% of all cyber breaches, and 94% of malware infections originate from phishing vectors (DeepStrike).
- AI is fueling these scams: 82% of phishing emails are now AI‑generated, and reports of phishing rose 466% in Q1 2025 year over year (Sift).
- Even confident users struggle: 33% say they could spot an AI scam, yet 20% admit to falling for phishing in the past year; of those who suspected an AI scam, 27% were successfully defrauded (Sift).
Mobile Threats: Smishing & Quishing
- Smishing (SMS‑based phishing) is surging: 150% increase in 2022, present in 75% of organizations in 2023, with 30% of users falling victim; average losses are about $4,300 per incident (WifiTalents).
- “Quishing” — phishing via malicious QR codes — is now a growing threat in retail and public settings. Overlaid QR codes can download malware instantly, compromising banking details or personal data (Adelaide Now).
Emotional and Psychological Fallout
- Beyond monetary loss, identity theft leaves nearly 42% of victims with diminished trust, lost peace of mind, or missed opportunities; 12% lost over $10,000 in reported cases (Reddit).
- A recent psychological guide notes phishing leads to emotional trauma: shame, anxiety, and reluctance to disclose victimhood—often compounding recovery challenges (Verywell Mind).
How Phishing Works: Real‑World Examples
- Tech support scams: In these scams, phishers prey on less tech-savvy consumers and convince them that there is a problem with their computer. The phishers offer to provide remote technical support. While “helping” the user, they ask the user to log into various websites and record their passwords. ~60% of consumers surveyed had encountered one in the past year, with typical losses around $200 per incident (Wikipedia).
- Voice‑phishing (vishing): In these scams, phishers make calls posing as IRS or Immigration services and threaten to arrest the user unless they make a “bail” payment. These schemes have netted hundreds of millions in the past decade (Wikipedia).
- Invoice phishing: In such scams, phishers send an email posing as a vendor and demand payment. Famous incidents include Ubiquiti’s phishing loss of almost $47 million in 2015, and the 2016 hack of Google and Facebook via invoice phishing, which stole $100 million+ (Wikipedia).
How Consumers Can Protect Themselves
1. Know the Psychology of Deception
- Scammers often exploit urgency, authority, fear, or familiarity. Recognizing emotional triggers (e.g. panic over a payment delay) helps you pause before responding (New York Post).
2. Be Skeptical of Unexpected Contact
- Avoid clicking links or opening attachments in unsolicited emails, texts, or calls—even if they appear plausible. When in doubt, go directly to the official websites and look up known phone numbers (WIRED).
3. Guard Your Device
- Keep mobile operating systems and antivirus tools up to date. Be especially wary of scanning unknown QR codes or approving unsolicited app downloads (a common vector in quishing) (Adelaide Now).
4. Enhance Your Browser’s Security
- Always update your browser to the latest version. Make use of browser security extensions like a password manager, privacy protector and phishing site detector. Most of them are free, so there is no downside to using them.
5. Manage Your Identity & Finances Proactively
- Monitor financial statements and credit reports regularly; report losses or theft immediately to banks and authorities.
Quick Summary of Risks at a Glance
Threat Vector | Reported Impact |
---|---|
Email phishing | $12.5B+ in U.S. consumer losses (2024) |
Smishing (SMS) | ~$4,300 per victim; 30% of users affected |
Quishing (QR) | Rapid malware risk via tampered code |
AI-powered attacks | 82% of phishing emails AI-generated; 20% consumer fall rate |
Further Reading
- Explore how digital scams cost Americans $16 billion in 2024, including 193,000 phishing complaints, in a news summary of the FBI data and a detailed article on skyrocketing cyber scams (Federal Trade Commission, WifiTalents, WIRED, Sift, New York Post).
- Discover in‑depth consumer phishing guidance and real-life stories in Phishing for Relief—Overcoming Scams in the 21st Century (Verywell Mind).
- Read a breakdown of the rising danger of quishing and QR‑code misuse in everyday retail settings, warned of in Australian Anti‑Scam Alliance reporting (Adelaide Now).
Conclusion
Phishing is one of the most pervasive threats facing everyday individuals—whether through email, SMS, phone calls, or QR codes. With losses in the tens of billions each year and emotional harm that outlives finances, the stakes are real.
While phishing attacks become more convincing through AI and multi-channel vectors, you can break the cycle with informed skepticism, strong authentication, vigilant hygiene, and emotional awareness. Together, these steps dramatically reduce risk—and empower you to stay one step ahead of scammers.
Next steps
Try Sekant Web Security
If this article piqued your interest, please check out Sekant Web Security. It is a browser extension that applies machine learning and AI to detect phishing websites in real-time without relying on remote servers that compromise your privacy.
Some key features of Sekant Web Security:
- Trained and tested on over a million datapoints
- Multi-modal engine that analyzes URLs, HTML content, site reputation and brand elements
- Automatically personalizes itself to individual browsing habits
- Full user privacy; no user data sent to Sekant servers
- Free for personal use
Attribution: Image courtesy of Freepik. Content written with Generative AI support.