A report released in May this year has found that though spear phishing emails only account for 0.1% of email based attacks, they are responsible for two-thirds of all breaches. Conducting extensive research by analysing 50 billion emails from 3.5 million mailboxes across 1350 organisations, which included about 30 million spear-phishing emails, half of these organisations had succumbed to a spear-phishing attack in 2022.
Of those who experienced a breach due to a spear phishing attack 55% had machines infected with malware or viruses and about half had sensitive data or login details stolen. Another 39% experienced direct monetary loss as a result of the targeted spear phishing attacks.
“Even though spear phishing is low-volume, with its targeted and social engineering tactics the technique leads to a disproportionate number of successful breaches, and the impact of just one successful attack can be devastating,” said Fleming Shi, chief technology officer at Barracuda, the company who conducted the research.
Another complication, is that in organisations where more than 50% of their staff work remotely there is a higher number of suspicious emails received per day compared with those who have the majority of their staff working in the office. Added to that, those who have more remote workers also take longer to recognise and respond to email security incidents.
Hackers are after as much information as they can lay their sticky keys on but sensitive personal information such as bank account details and credit card numbers are a favourite target. 42% of these spear phishing emails were brand impersonation attempts that aimed to collect people’s relevant account information.
Another 8% involved business account compromise where scammers impersonated a trusted person in an email to request wire transfers or personally identifiable information, while 3% used extortion techniques to muscle their way in.
This is quite a jarring picture of the threats that face us on the digital frontier and stats like this can leave us feeling a bit like we've had a hole stabbed through our middle!
However, using the latest behavioural email security products and our specialised employee training programs we can work with you and your company to assess and optimise your email security posture, leaving you to swim freely on.