While not all cyberattacks succeed, those that do usually have devastating consequences for both the organizations and their clients. 

According to the data presented by the Atlas VPN team, more than half (54%) of successful phishing attacks end in a customer or client data breach, followed by credential and account compromise (48%). Overall, 83% of organizations reported they had experienced a successful phishing attack in 2021. The data is based on the Proofpoint's State of the Phish Report 2022. 

Other common consequences of phishing attacks include ransomware infections (46%), loss of data and intellectual property (44%), and infections with malware other than ransomware (27%).

"Social engineering attacks, like phishing, heavily rely on human factors, such as an employee clicking a malicious link in order to be successful,” said Ruta Cizinauskaite, cybersecurity writer and researcher at Atlas VPN. “Therefore, the most effective way to safeguard against such attacks is to invest in employee training where employees would be educated on recognizing cyberattack attempts and how to act when they do."

Bulk phishing 

While cybercriminals tried various phishing methods to lure in the victims, some attack types were more common than others. Out of all, bulk phishing was the most frequently used attack. In total, 86% of companies experienced bulk phishing attacks last year.

In bulk phishing attacks, cybercriminals send out generic phishing emails to a vast number of targets in hopes that at least some will fall for the attack. 

The second most common type of phishing attacks organizations faced was spear phishing and whaling. Such targeted attacks hit 79% of companies worldwide. 

In contrast to bulk phishing, spear phishing is a targeted attack where cybercriminals have researched their victim beforehand and use personal information they have found to make their message more believable. Meanwhile, whaling phishing attacks are particularly targeted at high-profile people to maximize gain.

Email-based ransomware attacks occupy the third spot on the list.  They affected 78% of organizations. In the meantime, business email compromise (BEC) attacks were encountered by 77% of companies. 

However, email was not the only medium where criminals tried to phish victims. Other types of phishing attacks that plagued organizations last year include smishing (74%), social media attacks (74%), vishing (69%), and malicious USB drops (64%).