A majority of email links lead to malicious sites
A new email security report from GreatHorn reveals that 30 percent of links received by email lead to malicious sites.
Spoofed email accounts or websites are the most experienced form of a business email compromise (BEC) attack as 71 percent of organizations acknowledge they have seen one over the past year. This is followed by spear phishing (69 percent) and malware (24 percent).
Almost half of all BEC attacks result from the spoofing of an individual's identity in the display name. Among those spear phishing emails, cybercriminals are also using company names (68 percent), names of individual targets (66 percent), and the name of boss/managers (53 percent) to conduct their attacks.
What makes BEC attacks so successful is the availability of basic personal information online, this can be used against an employee who might be suffering from screen or email fatigue -- thus stealing credentials to gain access to confidential and important data. Employees are more susceptible to clicking on malicious links after recognizing a familiar name or other relevant identifiers that could relate to their job. A majority of respondents (57 percent) say that malicious links in phishing emails intend to steal credentials, giving cybercriminals full access to confidential information.
"The findings in this report confirm the industry trends we've seen over the past year. With the majority of organizations operating on a fully remote or hybrid work schedule, the floodgates for cybercriminals have been opened," says Kevin O'Brien, CEO of GreatHorn. "Cybercriminals want the keys to the castle, which they achieve by stealing credentials. To do so they often target C-suite and finance employees as they have the most privileged information available to access. However, no employee is immune to these attacks; they can appear in anyone's inbox and all it takes is a momentary lapse in judgment from an unsuspecting party to compromise an organization's security."
Finance departments are prime targets, as 34 percent say finance-related employees are the most frequent victims of spear-phishing attempts. When employees return to physical offices, real person interactions may help reduce the number of successful phishing attacks as people can more easily verify the legitimacy of an email.
Among other findings, one in four organizations say that 76-100 percent of malware they detect is delivered via email. 39 percent of organizations say they experience spear phishing on a weekly basis, and 65 percent of IT security pros say their organization has experienced spear phishing in 2021, while 51 percent say it has increased in the last 12 months.
On a brighter note, 69 percent say that their organization is prepared to handle a cyberattack, and 71 percent believe their employees are prepared to identify a malicious email.
You can get the full report from the GreatHorn site.