Hackers Target Middle Managers and Corporate Emails

 
 
By Karen A. Frenkel  |  Posted 04-30-2015 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Corporate Clicks
    Next

    Corporate Clicks

    On average, users click one of every 25 malicious messages delivered. Attacks occur mostly during business hours, peaking on Tuesday and Thursday mornings, with 17% more clicks than on other weekdays.
  • Previous
    Why People Click
    Next

    Why People Click

    Users clicked on phishing emails in 2014 because hackers’ campaigns evolved and no longer matched the characteristics users had been trained to avoid. These include being wary of social media invitations.
  • Previous
    Hackers' Piggyback on Legit Messages
    Next

    Hackers' Piggyback on Legit Messages

    Hackers now target corporate users with attachments in high-volume campaigns, piggybacking on legitimate messages like email newsletters and opt-in marketing emails. As a result, users receive many malicious emails that they do not recognize as threatening.
  • Previous
    Attacks on Middle Management
    Next

    Attacks on Middle Management

    In 2014, managers doubled their click rates compared to 2013. Managers and staff clicked on links in malicious messages twice as many times as executives.
  • Previous
    Who Gets Duped Most?
    Next

    Who Gets Duped Most?

    Employees in Sales, Finance and Procurement departments click the most on malicious messages—50% to 80% more often than the average departmental click rate.
  • Previous
    Time Is of the Essence
    Next

    Time Is of the Essence

    Attackers lure two out of three users into clicking immediately, so organizations no longer have days or weeks to find and stop malicious emails. In contrast to last year, when only 39% of emails were clicked in the first 24 hours, this year that increased to 66%. By the end of the week, 96% of all clicks have occurred.
  • Previous
    Social Media Invitations Passé
    Next

    Social Media Invitations Passé

    Social media invitations, the most popular and effective email lures last year, decreased 94% this year. Attachments, rather than URLs, such as message notification and corporate financial alerts, increased 1,000% on some days.
  • Previous
    Most Popular Email Lures
    Next

    Most Popular Email Lures

    The most popular email lures this year included e-fax, voice mail notifications and corporate and personal financial alerts.
  • Previous
    Calculating Crimes
    Next

    Calculating Crimes

    Corporate financial lures ranked lowest as measured by click-through rate, but they deliver the highest yield. Attackers are doing expected-value calculations--delivery rate X payoff--and are counting on a click's high value to compensate for the lower overall click-through rate.
  • Previous
    Solutions
    Next

    Solutions

    To detect advanced malware, get malware analysis technology that uses a combination of techniques to evaluate advanced threats. Deploy solutions that leverage cloud-based big data analytics to "predictably detect" malicious URLs in unsolicited emails and block clicks before they lead to compromise.
  • Previous
    More Solutions
    Next

    More Solutions

    Deploy comprehensive security that leverages an agentless, cloud-based service with URL intelligence that protects users no matter when or where they click that URL.
 

Hackers are focusing more on businesses, particularly middle managers, rather than on consumers in order to exploit users' psychology and circumvent IT security, according to a new report. The findings underscore how human behavior, not just system or software vulnerabilities, impacts enterprise security and what defenses are needed in a world in which everyone clicks. Security and compliance firm Proofpoint, which specializes in cloud-based solutions for threat protection, conducted the study, "The Human Factor 2015." The report "validates the critical value of threat information and provides insight into how, when and where attacks are taking place," said Kevin Epstein, Proofpoint vice president of Advanced Security and Governance, "The only effective defense is a layered defense, a defense that acknowledges and plans for the fact that some threats will penetrate the perimeter. Someone always clicks, which means that threats will reach users." The company gathered data from its suite of threat protection products that are live within customer environments.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...