Phishing and social engineering scammers are shifting tactics, focusing their efforts on low-level employees and using a variety of methods to cast a wider net within a targeted organization.
There are only so many executives in an organization, right? So, it makes sense that cybercriminals want to reach the most people with the least amount of work.
According to Proofpoint’s latest Protecting People Report, that’s exactly what they’re doing. The bad guys are using some very specific tactics and targets within organizations to achieve their goals:
- 30% of credential phishing attacks targeted generic company email addresses, such as sales@
- Individual Contributors and lower-level Management ranked higher than Executives as targets
- 80% of organizations were involved in attacks attempting to send email to 6 or more recipients
- 40% of organizations were intended recipients of 50 or more phishing email attacks
So, lots of emails being sent to lots of low-level individuals in the organization. That’s a recipe for disaster.
Without proper training, users will succumb to attacks that compromise their endpoint, their email, and their credentials, giving attackers the tools needed to begin to move laterally within the organization, infect others with malware via corporate email, and island hop to attack other organizations.
These worker-level employees need to undergo Security Awareness Training to empower them to work with a security mindset – one that is constantly vigilant, looking for everything from the abnormal to the downright suspicious. This lowers the risk of falling victim and the ramifications that come with data breaches, ransomware, cryptojacking, and other types of cyberattack.