Statistics

This page shows some statistics on I Got Phished. For confidentiality reasons, I Got Phished does not reveal all information. Special thanks to @malwrhunterteam for inspiring me!

Victims


The chart below shows the coverage of I Got Phishing: number of organisations who got notified by IGP about phishing victims within their constituency V.s organisations who got phished but not notified because they did not subscribe to notifications from I Got Phished (yet).

Coverage

This table shows the organisations with the highest amount of phished users (phishing victims). For confidentiality reasons, the organisations will not be named here but you get an idea about the potential impact.

# of Victims (email addresses)Organisation (domain name)Notified?
233Not disclosedno
144Not disclosedno
62Not disclosedno
48Not disclosedno
38Not disclosedno
32Not disclosedyes
31Not disclosedyes
30Not disclosedno
26Not disclosedno
25Not disclosedno
23Not disclosedno
15Not disclosedno
14Not disclosedno
14Not disclosedno
14Not disclosedno

Following two tables shows the top TLDs associated with the most of phished organisations (domain names) and phished victims (email addresses).


Top TLDs (by organisations)

PercentageVictim OrganisationsTLD
com5'06768%
org6328%
co.uk2113%
net1933%
edu1372%
ca1312%
com.au981%
nl661%
de641%
co.za581%
org.uk481%
com.br441%
ie37<1%
no36<1%
ch34<1%

Top TLDs (by victim addresses)

PercentageVictims (email addresses)TLD
com8'13870%
org9098%
edu2682%
net2542%
co.uk2462%
ca1752%
co.za1211%
com.au1181%
nl1141%
de851%
gov671%
ie661%
com.br601%
org.uk54<1%
no48<1%

Passwords


This chart gives you an idea on the passwords choosen by internet users that got phished. Please keep in mind that I Got Phished does only store the password length but not the password iteself. Hence IGP can't make any statements about the complexity of passwords choosen by users.

Password Length

Comparing the password length, we can make some statements about the amount of "good" (strong) passwords and such that are weak and e.g. do not meet requirements of common best-practices.

Percentage# of PasswordsLengthComment
6%696<8 Weak
94%10'877>8 NIST standard
11%1'26914-19 Strong
2%219>=20 Very strong