Non-C-Suite employees are attractive targets for attackers

An average organisation is targeted by over 700 social engineering attacks each year.

When it comes to business email compromise (BEC) attacks, a whopping 77 per cent of attacks target professionals outside of finance and executive roles, including personnel working in roles like sales (19 per cent), project management (10 per cent), human resources (10 per cent) and admin (9 per cent).

When it comes to targeted spear phishing attacks, the report also reveals that while CEOs attract an average of 57 targeted attacks per year, IT professionals are similarly under fire, attracting an average of 40 targeted spear phishing attacks per year.

Barracuda’s recently released report, Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, also revealed that the average organisation will be targeted by over 700 social engineering attacks each year, and it’s not just C-level executives who need to be wary.

Almost half of all phishing attacks impersonate Microsoft (43 per cent), followed by WeTransfer (18 per cent), DHL (8 per cent) and Google (8 per cent) to lure unsuspecting victims. Barracuda noted that cybercriminals are getting sneakier about who they target with their attacks, often focusing on employees outside of the C-Suite, looking for a weak link in your organisation.

Hackers use a combination of tactics to trick users into taking an action, such as giving up their credentials so that the attackers can get access to the company’s environment or launch a ransomware attack, sharing sensitive information that could be sold or used for further attacks, or simply sending a payment, gift cards, or money transfers.

Between May 2020 and June 2021, Barracuda researchers analysed more than 12 million email attacks impacting about three million mailboxes at roughly 17,000 organisations.

Phishing impersonation attacks will usually pose as emails from a well-known brand or service in order to trick victims into clicking on a phishing link. These attacks make up 49 per cent of all socially engineered threats we’ve seen in the past year. Almost all of the attacks that fall into this category will include a malicious URL.

Although phishing emails are nothing new, hackers have started to deploy ingenious ways to avoid detection and deliver their malicious payloads to users’ inboxes.



