Brand impersonation is now the tool in 83% of spear-phishing attacks and sextortion scams is the tool for 10%, according to Spear Phishing: Top Threats and Trends. a new report from Barracuda.
In addition, Gmail is the preferred service for sending one out of three business email compromise attacks.
In other highlights, Barracuda found that:
- Impersonating Microsoft
is a popular technique for taking over accounts.
- Financial institutions are impersonated in almost one out of five phishing attacks. Finance department employees are commonly targeted.
- Most sextortion subject lines contain a security alert of some form.
- Attackers often place the victim’s email address in the subject line.
- Over 70% of BEC subject lines
attempt to establish rapport or urgency, with many implying that the topic has already been discussed.
- Scammers often change the display name on Gmail and other email accounts to make the
email look like it came from a fellow employee. This is especially convincing to someone on a mobile device.