In 2021, phishing and pretexting, both types of social engineering attack, have been leading all Data Breach Reports. The fraudulent practice of sending emails to incite targeted individuals to divulge confidential information and make wire transfers is no longer confined to the C-Suite. With attackers getting cannier in their approach, employees in sales, project management, human resources, and admin are on the hit list. With WFH being the norm and employees banking on virtual communication channels, cyberattackers have widened their target spectrum to roles where impersonation is more convincing.
Barracuda, a provider of cloud-enabled security solutions, has released Spear Phishing: Top Threats and Trends Vol.6, highlighting the way spear phishing attacks are evolving and who cybercriminals are targeting with these attacks.
According to the report, an average organization is targeted by over 700 social engineering attacks each year, and 77% of BEC attacks target employees outside of financial and executive roles, including personnel working in roles like sales (19%), project management (10%), human resources (10%) and admin (9%).
On trends in targeted spear phishing, the report says CEOs attract an average of 57 targeted attacks per year, and IT professionals, who are also under fire, attract an average of 40 targeted spear phishing attacks per year.
“Cybercriminals are getting sneakier about who they target with their attacks, often focusing on employees outside of the C-Suite, looking for a weak link in your organization,” said James Wong, Regional Director for Southeast Asia and Korea, Barracuda. “Targeting lower-level employees offers cybercriminals a way to get in the door and then work their way up to higher-value targets. That’s why it’s important to make sure you have protection and training for all employees, rather than just focusing on those you think are the most likely to be attacked.”
Impersonating known sources, brands, services, and e-commerce portals is an old trick used by cybercriminals, because such messages are more likely to be trusted and to provoke a response.
According to the report, nearly half of all phishing attacks impersonate Microsoft (43%), followed by WeTransfer (18%), DHL (8%), and Google (8%) to lure unsuspecting victims.
With 79% of organizations using Office 365, and many more looking at migrating in the immediate future, it’s not surprising that Microsoft brands remain a top target for cybercriminals.
Cryptocurrency continues to be a favorite with cybercriminals due to its decentralized nature and lack of regulation. As a digital format that businesses increasingly accept, cryptocurrency has seen an increase in value. Its price increased by almost 400% between October 2020 and April 2021. Hackers impersonated digital wallets and other cryptocurrency-related apps with fraudulent security alerts to steal log-in credentials.
Technology
People
As these threats take new forms, organizations need to stay constantly vigilant and invest in an inclusive approach that secures their last line of defense, ‘the employees,’ along with the business. Judicious use of technology and training can mitigate risk to a large extent and help avoid phishing attacks.