Dubai, United Arab Emirates: With 79% of organisations using Office 365 and many more looking at migrating in the near future, cybercriminals a exploiting the tech giant’s popularity and trusted reputation to trick victims of their social engineering attacks. This is according to Barracuda’s latest report titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting which found that 43% of all phishing attacks involve the impersonation of Microsoft brands. The research also revealed that while CEOs and CFOs are the most targeted – on average receiving 57 and 51 phishing emails per year respectively – attackers are now broadening their sights with 77% of Business Email Compromise (BEC) attacks now targeting employees outside of financial and executive roles.

“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Targeting lower-level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”

Barracuda’s latest report draws from research conducted over the period of one year, between May 2020 and June 2021, which involved the analysis of more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organisations. It examined current trends in spear phishing, including which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defences. The comprehensive report also details the best practices and technology that organizations should be using to defend against these types of attacks.

Key findings include:

  • An average organisation is targeted by over 700 social engineering attacks each year of which phishing accounts for the large majority (49%), followed by scamming (39%).
  • 43% of phishing attacks impersonate Microsoft, while WeTransfer (18%), DHL (8%) and Google (8%) are also popular brands with attackers.
  • 1 in 10 social engineering attacks is business email compromise (BEC).
  • 77% of BEC attacks target employees outside of financial and executive roles.
  • 1 in 5 BEC attacks target employees in sales roles.
  • IT staffers receive an average of 40 targeted phishing attacks in a year. 

Read the full report: https://www.barracuda.com/spearphishing-vol6 

Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2021

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.