Spear-phishing attacks are defined by their targeted nature. Attackers will spend time researching their victims and organizations, designing attacks targeting specific individuals with a customized message.
According to security vendor Barracuda’s latest report, Spear Phishing: Top Threats and Trends, organizations are experiencing far more convincing campaigns, focusing on a broader range of roles in the organization than ever before:
- 1 in 10 attacks are Business Email Compromise (BEC) attacks
- The average CEO receives 57 targeted phishing attacks each year
- IT staff receive an average of 40 targeted phishing attacks in a year
- Microsoft remains the top impersonated brand, with WeTransfer in at number two
Barracuda identified four distinct categories of phishing attacks that exploit social engineering:
- Business email compromise (BEC): A hacker will impersonate an employee, usually an executive, and request wire transfers, gift cards, or money sent to bogus charities.
- Phishing impersonation: Cybercriminals will create emails posing as a well-known brand or service to trick victims into clicking on a phishing link.
- Extortion: Hackers threaten to expose sensitive or embarrassing content to their victim’s contacts unless a ransom is paid out.
- Scamming: Hackers create malicious links ranging from claims of lottery wins and unclaimed funds or packages to business proposals, fake hiring, donations, and more.
The roles cybercriminals target within an organization extend well beyond the CEO or IT, making every employee a potential target.
This is the very reason why it’s so important to ensure that every user – regardless of role – continually takes part in your Security Awareness Training program. By doing so, they will remain updated on the latest scams, campaigns, social engineering tactics, etc., and be able to quickly identify malicious email content and avoid being the person responsible for a successful cyberattack.
Information used in this article was provided by our partners at KnowBe4 and the report “Spear Phishing: Top Threats and Trends” from Barracuda.