Business email inboxes are being flooded with fraudulent messages, with cybercriminals looking to capitalize on gullible and overworked professionals.
This is according to a new report from GreatHorn, which states that spoofed email accounts were the most common form of Business Email Compromise (BEC) attack last year. Out of 270 IT and cybersecurity professionals surveyed, almost three-quarters (71 percent) reported one of these attacks.
Most of the time, attackers spoof an individual’s identity in the display name. Although basic, this strategy is often successful due to the ready availability of information online.
Cybercriminals are usually looking for account credentials and other means of accessing the target network; 57 percent of respondents said malicious links in phishing emails were designed to steal login information.
For almost a third of the respondents (30 percent), the majority of links lead to malicious websites. And of all the different business departments, the fraudsters most frequently launched attacks against finance (34 percent).
GreatHorn believes that the number of successful phishing campaigns will dwindle once employees return to their offices.
“With the majority of organizations operating on a fully remote or hybrid work schedule, the floodgates for cybercriminals have been opened,” said Kevin O’Brien, CEO of GreatHorn.
“They often target C-suite and finance employees as they have the most privileged information available to access. However, no employee is immune to these attacks; they can appear in anyone’s inbox and all it takes is a momentary lapse in judgment from an unsuspecting party to compromise an organization’s security.”