Microsoft researchers say phishing is a low-skill, low-reward business. Phishing doesn’t pay very well and tends to attract low-skied hackers who themselves become victims. The average phisher makes about as much as if he did something legal with his time, they say. The easier phishing gets, the worse the economic picture for phishers, the paper says. The authors of the paper conclude that increased phishing volume indicates a decrease in total revenue as phishers compete to capture the limited pool of phishing money.”]
Source: https://www.darkreading.com/attacks-breaches/phishing-doesn-t-pay-microsoft-finds