Spear phishing is on the rise in both frequency and effectiveness, making it an even greater threat to organizations who let their defenses down – even a little.
New data from GreatHorn’s 2021 Business Email Compromise Report indicated threat actors are having great success combining Business Email Compromise with spear phishing.
According to the report:
I’ve already covered how this deadly combination of BEC and spear phishing also includes the use of detailed impersonation efforts to keep the victim recipient’s defenses down.
When you add it all up, it’s evident that cybercriminals are working harder than ever to tailor campaigns down to the specific user. With the rise in “Cybercrime-as-a-Service” offerings, I suspect we’ll soon see the days of generic phishing emails to go by the wayside, in favor of custom attacks where the threat actor chooses a company, the service figures out who to target, a tailored spear phishing email is crafted, and the attack is executed.
Scary stuff, I know.
Because much of these attacks center around BEC – which tends to end in fraud via some kind of financial transaction – it’s critical that any employee involved with an ability to carry out any kind of financial transaction undergo continual Security Awareness Training where they learn about how cybercriminals target them, the impersonation tactics used, what kinds of malicious actions are they driving towards, and how to spot these attacks before they take hold.
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.