Sponsored By

Lower-Level Employees Become Top Spear-Phishing TargetsLower-Level Employees Become Top Spear-Phishing Targets

Cybercriminals seek employees who will be a "weak link" in the organization when designing phishing attacks, a new report finds.

Dark Reading Staff

July 29, 2021

1 Min Read

The average organization is targeted by over 700 social engineering attacks each year, according to a new report that reveals current trends in phishing and spearphishing.

Between May 2020 and June 2021, researchers with security firm Barracuda analyzed more than 12 million spearphishing and social engineering attacks related to 3 million mailboxes at more than 17,000 organizations. Results reveal some of the common methods attackers use to breach victims' defenses, such as trying to exploit a widespread interest in cryptocurrency and tailoring attacks to target less suspicious employees in low-profile roles.

For example, researchers found one in ten social engineering attacks involve business email compromise (BEC). Of these, 77% of BEC attacks target employees outside of financial and executive roles.

"Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization," said Don MacLennan, SVP of engineering & product management, email protection with Barracuda. "Targeting lower-level employees offers them a way to get in the door and then work their way up to higher value targets."

Other highlights include:

  • 43% of phishing attacks impersonate Microsoft

  • The average CEO will receive 57 targeted phishing attacks in a year

  • One in five BEC attacks target employees in sales roles

  • IT staffers receive an average of 40 targeted phishing attacks in a year

The full report is available here.

About the Author(s)

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Businesswoman with ponytail in black suit and businessman in black suit with laptop sit at office desk with stack of presents, look at laptop
Endpoint Security
10 Holiday Gifts For Stressed-Out Security Pros10 Holiday Gifts For Stressed-Out Security Pros
byEricka Chickowski, Contributing Writer
Nov 30, 2023
10 Slides
Photo of a ribbon-cutting ceremony at a store grand opening
Cybersecurity Operations
Dark Reading Debuts Fresh New Site DesignDark Reading Debuts Fresh New Site Design
byKelly Jackson Higgins, Editor-in-Chief, Dark Reading
Nov 28, 2023
2 Min Read
black ride-share car with Uber logo parked halfway on sidewalk
Cyberattacks & Data Breaches
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWindsFormer Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds
byJeffrey Schwartz, Contributing Writer
Nov 28, 2023
5 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events