Using administrative data on phishing attacks targeting almost 150,000 Italian- and German-speaking customers of an Italian bank in 2022–23, we investigate how individual characteristics are associated to the likelihood of victimization. We find that younger customers and Italian speakers are more likely to be victims of phishing, while we find no differences in terms of gender or size of the place of residence.