Security News > 2021 > July > The evolution of spear phishing and who criminals are targeting
"Whether it's taking advantage of the buzz around cryptocurrency, stealing credentials to start a ransomware attack, or tailoring attacks to less suspicious targets in low profile roles, cybercriminals are constantly adapting their tactics and making their attacks more sophisticated," per the report.
Among social engineering attacks analyzed by Barracuda researchers, phishing represented 49%, followed by scamming, BEC and extortion.
On average, IT professionals receive 40 targeted phishing attacks annually and this number jumps to 57 for CEOs.
Overall the brands most often used in the impersonation attacks include Microsoft, WeTransfer, and DHL, with the report noting that the top three have "Stayed consistent since 2019." Over the last year, Microsoft was impersonated in nearly half of phishing attacks, down from 56% in 2019, according to Barracuda data.
"Hackers impersonated digital wallets and other cryptocurrency-related apps with fraudulent security alerts to steal log-in credentials. In the past, attackers impersonated financial institutions targeting your banking credentials. Today they are using the same tactics to steal valuable bitcoins," the report said.
From May 2020 through June 2021, the report said the Barracuda researcher team looked at "More than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes" across 17,000 organizations.