Unhappy with your email results? Take a look at how well phishing artists are doing.
Most of us are familiar with the broad term “spear phishing.” It covers a range of pathologies. Typically, spear phishers attempt to extract sensitive information from employees at a company, although others seek only to con money out of people. Just know that 71% contain malicious URLs.
Want to know what you’re up against in the inbox? Phishing artists are making money with several forms of cyber crime — all facilitated by email, according to Spear Phishing: Top Threats And Trends, a study by Barracuda.
Here are the types of attacks, and the percentages:
- Phishing — 50%
- Scamming — 36%
- BEC — 12%
- Extortion — 2%
Here are the definitions.
Phishing — These are the classic attacks that impersonate brands and domains. Some are also form-based attacks that leverage productivity sites like sway.office.com. Many take a personal tone. For instance, while 87% of phishing emails are sent during the work week, those sent on weekends might say something like, “Hello. I hope you’re enjoying the weekend. I need your attention please kindly reply when you get this. Thanks.”
Scamming — This, too, is a broad term that covers almost everything dishonest or malicious. Barracuda cites specific swindles, including tech support, foreign money exchange, charity and political donation scams.
Business Email Compromise (BEC) — Also known as whaling, CEO fraud, and wire-transfer fraud. These often consist of wire/invoice fraud that payment departments fall for. Then there are payroll scams, in which employees are asked to change account details for payroll deposits. Gift card scams are also effective. Only 30% of BEC emails contain a link.
Extortion — In these attacks, criminals threaten to expose compromising videos or information on victims — unless they pay up. You have to be gullible (or have a guilty conscience) to fall for this. Last year, these scams pulled in $107 million, according to the FBI.
Those are the basic threats. But Barracuda also notes a couple of other things to watch out for.
Lateral Phishing — In essence, they are scams you send to yourself. lateral phishing attacks; these are spear-phishing attacks that are sent internally, usually from potentially compromised accounts. They now account for 13% of spear-phishing emails.
Redirect Attacks — This occurs when the attackers lure victims to other URLs through multiple redirects, including Google and Apple redirects.
COVID-19 — On the positive side (yes, there is one), COVID-19-related scams have cooled a bit, although they still exist. Typically, they ask for donations or investments, or ply inheritance scams. But it shows “how quickly attackers can react to current events.”
For the record: We are not encouraging marketers to use these tactics.