A longstanding concern for both individuals and organisations is what’s called a social engineering attack. These attacks, sent by fraudsters, are likely to target employees in either the finance or executive teams of a company by way of spear phishing attacks, namely business email compromise (BEC). After all, executive teams and the staff in finance have authority over financial matters, which the fraudsters want to exploit.

This has now changed.

“Spear Phishing: Top Threats and Trends” [PDF], the latest report from Barracuda, states that 77 per cent of “low profile” staff members, those not in executive roles, are now the spear phishing favourites. For instance, an average of 40 phishing emails per year come to staff members of the IT department and the sales department. That is 1 in every 5 BEC phishing emails sent the company’s way.

Bar graph of the total volume of BEC attacks aimed at certain recipients in a company

In any workplace, there is collaboration between internal departments and external partners. For example, a sales rep is used to getting “external messages from senders they haven’t communicated with before” as well as being reliant on the finance department to draw up invoices and pay for hardware. In other words, the sales department is a good place for hackers to gain a point of “entry into an organization and launch other attacks.”

Meanwhile, executives and those in finance are still not off the hook entirely, even though other employees are being targeted more in BEC attacks. That’s because on average a CEO receives 57 phishing emails per year.

Bar graph of the total volume of phishing attacks aimed at certain recipients in a company

Most importantly, criminals are looking for the weakest link in your company, no matter who they are trying to target. One click from an unsuspecting employee is all it takes. So, they keep phishing for their next victim who’ll fall for their schemes. Above all, ensure all your staff have cybersecurity training. Education and awareness are key, as many ransomware attacks succeed due to human error, such as inadvertently clicking on the wrong link.

In other words, it’s important, not only for the organisation but for you as an individual. After all, we all use computers in our everyday lives for personal and business use. Therefore, we need to recognize the red flags of phishing attempts on our computers and mobile devices.
