Email Security Blog

Cybercrime Salaries: How Much Do Phishers Really Make?

Like any enterprise, there are costs associated with doing business. In the world of cybercrime, threat actors have plenty of options.

Investing in Criminal Tools of the Trade

Depending on their goals and their own areas of expertise, many hackers choose to hire professional criminals to do the dirty work. The price paid for such services is usually in line with the risk and payouts. While the median cost of hiring other criminals to execute a cyber-scheme is just $400, some professional teams charge as much as $250,000.1 Rates like that seem almost criminal, don’t they?

For the DIY hackers, purchasing access products is the way to go. It’s much more affordable, with the majority of phishers spending less than $10 to buy email addresses, credentials, vulnerabilities, and more. Email addresses are especially inexpensive and while the average click rates is less than 3 percent, phishers with persistence and patience might still cash in.1

Ransomware Wins, Negotiations Accepted.

One of cybercrime’s biggest cash cows is ransomware. In short, phishers kidnap your files and data and hold them hostage until a ransom is paid. All it takes is just one unsuspecting click on a malicious link and malware begins to unpack and execute. Company files become encrypted and only the hacker knows the mathematical key to recover the data.

According to a report conducted by Palo Alto Networks, the average ransom demanded by cybercriminals executing a ransomware attack in 2023 was $695,000. Interestingly enough, when an organization decides to pay the ransom, the longer they can hold out, the lower the negotiated payment turns out to be. In 2023 the median ransom payment made was $237,500.2

Cybercrime Profits – Rolling the Dice

To better understand the ROI for cybercrime, you must look at the profits. Verizon simulated the activity of 500 ransomware criminals. Here are some of the findings:2

  • 60% of ransomware attacks showed no profit.
  • A large portion saw a profit of just about $1.
  • The median profit was $100.
  • Over time, simulating 150,000 ransomware attempts, the average cybercriminal made $178,465 and the top earner made more than $3.5 million.

The primary conclusion of this simulated study was that ransomware profits are rather random and haphazard. Some criminals hit the jackpot, while the majority earn nothing.

Does Cybercrime Really Pay?

We have all heard the phrase, “Crime Doesn’t Pay”. That is especially true for those who get caught. In the United States, crimes categorized as “Fraud and Related Activity in Connection with Electronic Mail” can carry sentences of 20 years or more.3

What does pay is keeping your organization and clients safe from cybercrime. Phishing continues to be the #1 reported type of cybercrime. Without the right email security in place, you open yourself up to some pretty costly crimes, including Business Email Compromise (BEC), ransomware, malware, data breaches, and more.

Fight Phishing Crimes with INKY

INKY provides the most comprehensive malware and email phishing protection available and is the only behavioral email security platform. That means not only does INKY block phishing attempts, it also coaches users to make safe decisions – everywhere, all the time. By signaling suspicious behaviors with interactive banners, the INKY Email Assistant guides users to take safe action on any device or email client.

If you’re not working with INKY yet but are intrigued, please take a minute to set up a free demonstration to learn how INKY’s email security can keep you and your customers safe from phishing attacks, data breaches, ransomware, and more. Schedule a free demonstration or become a partner today.


INKY is an award-winning, behavioral email security platform that blocks phishing threats, prevents data leaks, and coaches users to make smart decisions. Like a cybersecurity coach, INKY signals suspicious behaviors with interactive email banners that guide users to take safe action on any device or email client. IT teams don’t face the burden of filtering every email themselves or maintaining multiple systems. Through powerful technology and intuitive user engagement, INKY keeps phishers out for good. Learn why so many companies trust the security of their email to INKY. Request an online demonstration today.


1Source: Verizon’s 2022 Data Breach Investigations Report