Statistics

This page shows some statistics on I Got Phished. For confidentiality reasons, I Got Phished does not reveal all information. Special thanks to @malwrhunterteam for inspiring me!

Victims


The chart below shows the coverage of I Got Phishing: number of organisations who got notified by IGP about phishing victims within their constituency V.s organisations who got phished but not notified because they did not subscribe to notifications from I Got Phished (yet).

Coverage

This table shows the organisations with the highest amount of phished users (phishing victims). For confidentiality reasons, the organisations will not be named here but you get an idea about the potential impact.

# of Victims (email addresses)Organisation (domain name)Notified?
233Not disclosedyes
153Not disclosedno
95Not disclosedno
64Not disclosedno
49Not disclosedyes
48Not disclosedno
48Not disclosedno
37Not disclosedno
35Not disclosedno
34Not disclosedyes
33Not disclosedno
33Not disclosedyes
32Not disclosedno
29Not disclosedno
26Not disclosedno

Following two tables shows the top TLDs associated with the most of phished organisations (domain names) and phished victims (email addresses).


Top TLDs (by organisations)

PercentageVictim OrganisationsTLD
com9'30365%
org1'1218%
net3913%
co.uk3783%
com.au2672%
ca2582%
edu2442%
co.za1321%
nl951%
de931%
ie881%
gov861%
ch64<1%
org.uk63<1%
co.nz61<1%

Top TLDs (by victim addresses)

PercentageVictims (email addresses)TLD
com14'13767%
org1'6188%
net5473%
edu5152%
co.uk4412%
ca3602%
com.au3111%
gov2301%
co.za2101%
nl1451%
ie1221%
de1191%
org.uk104<1%
us82<1%
it76<1%

Passwords


This chart gives you an idea on the passwords choosen by internet users that got phished. Please keep in mind that I Got Phished does only store the password length but not the password iteself. Hence IGP can't make any statements about the complexity of passwords choosen by users.

Password Length

Comparing the password length, we can make some statements about the amount of "good" (strong) passwords and such that are weak and e.g. do not meet requirements of common best-practices.

Percentage# of PasswordsLengthComment
7%1'476<8 Weak
93%19'763>8 NIST standard
11%2'28414-19 Strong
2%353>=20 Very strong