More than half of successful phishing attacks end in data breach, report shows
Every year, millions of people around the world fall victim to credit card fraud. The situation is not getting any better as hackers and scammers are now improving their tradecraft and tools by targeting victims on social media.
Last month, we warned about new phishing tactics disguised as fun. A few days later MetaMask asked Apple users to disable the automatic iCloud backups for their wallets after a user lost $650,000 worth of NFTs in a phishing attack.
Now, a new report from Atlas VPN shows that 54% of successful phishing attacks end in a customer data breach. While not all cyber attacks succeed, those that do usually have devastating consequences for both organizations and their clients.
According to the data presented by the Atlas VPN team, more than half (54%) of successful phishing attacks end in a customer or client data breach, followed by credential and account compromise (48%). Overall, 83% of organizations reported they had experienced a successful phishing attack in 2021. The data is based on Proofpoint’s 2022 State of the Phish Report.
Other common consequences of phishing attacks include ransomware infections (46%), loss of data and intellectual property (44%), and infections with malware other than ransomware (27%). Cybersecurity writer and researcher at Atlas VPN Ruta Cizinauskaite shares her thoughts on the situation:
“Social engineering attacks like phishing heavily rely on human factors, such as an employee clicking a malicious link in order to be successful. Therefore, the most effective way to safeguard against such attacks is to invest in employee training where employees would be educated on recognizing cyberattack attempts and how to act when they do.”
Bulk phishing attacks were most frequently faced by organizations
While cybercriminals tried various phishing methods to lure in the victims, some attack types were more common than others. Out of all, bulk phishing was the most frequently used attack. In total, 86% of companies experienced bulk phishing attacks last year.
In bulk phishing attacks, cybercriminals send out generic phishing emails to a vast number of targets in hopes that at least some will fall for the attack.
The second most common types of phishing attack organizations faced were spear phishing and whaling. Such targeted attacks hit 79% of companies worldwide.
In contrast to bulk phishing, spear phishing is a targeted attack where cybercriminals have researched their victim beforehand and use personal information they have found to make their message more believable. Meanwhile, whaling phishing attacks are particularly targeted at high-profile people to maximize gain.
Email-based ransomware attacks occupy the third spot on the list. They affected 78% of organizations. In the meantime, business email compromise (BEC) attacks were encountered by 77% of companies.
However, email was not the only medium where criminals tried to phish victims. Other types of phishing attacks that plagued organizations last year include smishing (74%), social media attacks (74%), vishing (69%), and malicious USB drops (64%).