Lower-Level Employees Become Top Spear-Phishing Targets
Cybercriminals seek employees who will be a "weak link" in the organization when designing phishing attacks, a new report finds.
July 29, 2021
The average organization is targeted by over 700 social engineering attacks each year, according to a new report that reveals current trends in phishing and spearphishing.
Between May 2020 and June 2021, researchers with security firm Barracuda analyzed more than 12 million spearphishing and social engineering attacks related to 3 million mailboxes at more than 17,000 organizations. Results reveal some of the common methods attackers use to breach victims' defenses, such as trying to exploit a widespread interest in cryptocurrency and tailoring attacks to target less suspicious employees in low-profile roles.
For example, researchers found that one in ten social engineering attacks involves business email compromise (BEC). Of these BEC attacks, 77% target employees outside of financial and executive roles.
"Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization," said Don MacLennan, SVP of engineering & product management, email protection with Barracuda. "Targeting lower-level employees offers them a way to get in the door and then work their way up to higher value targets."
Other highlights include:
43% of phishing attacks impersonate Microsoft
The average CEO will receive 57 targeted phishing attacks in a year
One in five BEC attacks target employees in sales roles
IT staffers receive an average of 40 targeted phishing attacks in a year
The full report is available here.