Phishing Scams are the Most Common Cyber Attack, Says FBI

More than $6.9 billion was lost to cyber scams in 2021, representing a significant increase from the previous year.

It might be time to evaluate your business’ cybersecurity practices, as the FBI has released a new study that shows phishing scams are the most prevalent kind of cyber-attack by a considerable margin.

Based on this and dozens of other studies, cybersecurity is getting worse. More funds are at risk due to advanced hacking techniques, and businesses, colleges, and even entire countries are under constant threat of ransomware, malware, and other scams that can cripple them into oblivion.

This study from the FBI, which also found that $6.9 billion was lost to these kinds of cyber-attacks in 2021, outlines which scams are most common and a few tips on how to avoid them.

FBI Report Shows Troubling Cybersecurity Trends

The Internet Crime Report from the FBI comes out once a year, and lately it has shown some troubling trends in regard to cybersecurity. Namely, that cyber-attacks are becoming more and more prevalent by the year.

[Graph: scam complaints and losses, FBI]

In addition to the exponential growth of complaints of cyber-attacks and money lost to these kinds of cyber-attacks, the FBI found that phishing scams were notably the most widespread by a sizable amount.

Of the almost 850,000 complaints lodged with the FBI about cyber-attacks, more than one third (323,972) were in regard to phishing scams, with the next most common being non-payment scams at only 82,478 complaints. Even worse, a specific subset of this category, business email compromise (BEC), which is a phishing scam against a business used to infiltrate its data and operations, accounted for 19,954 complaints, resulting in $2.4 billion lost in 2021.

“Business email compromise continues to grow and evolve, targeting small local businesses to larger corporations, and personal transactions,” wrote the FBI in the report.

Suffice it to say, businesses need to be extra careful when it comes to shoring up their cybersecurity standards to prevent significant losses. So, what can you do?

What can you do to protect your business from phishing scams?

The FBI isn’t just going to leave you high and dry without any information about how to mitigate these ever-evolving cyber risks. Here’s a list of “suggestions for protection” from the FBI that businesses can follow to stay safe from these scams:

  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.

Additionally, utilizing tools like antivirus software, password managers, and VPNs can improve your overall security setup at your business, allowing you to get to work without increased fear of these threats.
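The URL and sender checks in the FBI's list (link matches the business it claims to be from, misspelled domains, sender address) can be partly automated at the mail gateway or in a triage script. The sketch below is an added example, not code from the FBI report or this article; the trusted domain, the sample message, and all function names are constructed for illustration, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains your business really deals with (constructed value).
TRUSTED = {"examplebank.example"}
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Simplification: keep the last two labels; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(domain):
    """Return the trusted domain that `domain` nearly matches, or None."""
    return next((t for t in TRUSTED if domain != t and edit_distance(domain, t) <= 2), None)

def check_email(raw):
    """Flag misspelled sender/link domains and links whose text hides the real target."""
    msg, findings = message_from_string(raw), []
    sender = registrable(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if lookalike_of(sender):
        findings.append(f"sender domain {sender} resembles {lookalike_of(sender)}")
    for href, text in LINK.findall(msg.get_payload()):
        target = registrable(urlsplit(href).hostname or "")
        if lookalike_of(target):
            findings.append(f"link domain {target} resembles {lookalike_of(target)}")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and registrable(shown.group()) != target:
            findings.append(f"link text shows {shown.group()} but goes to {target}")
    return findings

# Constructed sample message, not taken from the FBI report.
SAMPLE = """From: "Example Bank" <billing@examp1ebank.example>
Subject: Updated wire details
Content-Type: text/html

<p>Confirm at <a href="https://examplebank.example.login-verify.test/reset">www.examplebank.example</a></p>
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

A message with no findings is not proof of legitimacy; the FBI's first suggestion, verifying account changes over a secondary channel, still applies.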

Written by:
Conor is the Lead Writer for For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at