Barracuda found Microsoft impersonation being utilised in 43% of phishing attacks. With 79% of organisations using Office 365 and many more looking at migrating in the near future, cybercriminals are exploiting the tech giant’s popularity and trusted reputation to trick the victims of their social engineering attacks. This is according to Barracuda’s latest report, titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, which found that 43% of all phishing attacks involve the impersonation of Microsoft brands. The research also revealed that while CEOs and CFOs are the most targeted – on average receiving 57 and 51 phishing emails per year respectively – attackers are now broadening their sights, with 77% of Business Email Compromise (BEC) attacks now targeting employees outside of financial and executive roles.
“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organisation,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda.
He added, “Targeting lower-level employees offers them a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”
Barracuda’s latest report draws from research conducted over the period of one year, between May 2020 and June 2021, which involved the analysis of more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organisations. It examined current trends in spear phishing, including which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defences. The comprehensive report also details the best practices and technology that organisations should be using to defend against these types of attacks.
Key findings include:
- An average organisation is targeted by over 700 social engineering attacks each year, of which phishing accounts for the large majority (49%), followed by scamming (39%).
- 43% of phishing attacks impersonate Microsoft, while WeTransfer (18%), DHL (8%) and Google (8%) are also popular brands with attackers.
- 1 in 10 social engineering attacks is business email compromise (BEC).
- 77% of BEC attacks target employees outside of financial and executive roles.
- 1 in 5 BEC attacks target employees in sales roles.
- IT staffers receive an average of 40 targeted phishing attacks in a year.