Hackers Target Middle Managers and Corporate Emails

Hackers Target Middle Managers and Corporate Emails

Corporate ClicksCorporate Clicks

On average, users click one of every 25 malicious messages delivered. Attacks occur mostly during business hours, peaking on Tuesday and Thursday mornings, with 17% more clicks than on other weekdays.

Why People ClickWhy People Click

Users clicked on phishing emails in 2014 because hackers’ campaigns evolved and no longer matched the characteristics users had been trained to avoid. These include being wary of social media invitations.

Hackers' Piggyback on Legit MessagesHackers’ Piggyback on Legit Messages

Hackers now target corporate users with attachments in high-volume campaigns, piggybacking on legitimate messages like email newsletters and opt-in marketing emails. As a result, users receive many malicious emails that they do not recognize as threatening.

Attacks on Middle ManagementAttacks on Middle Management

In 2014, managers doubled their click rates compared to 2013. Managers and staff clicked on links in malicious messages twice as many times as executives.

Who Gets Duped Most?Who Gets Duped Most?

Employees in Sales, Finance and Procurement departments click the most on malicious messages—50% to 80% more often than the average departmental click rate.

Time Is of the EssenceTime Is of the Essence

Attackers lure two out of three users into clicking immediately, so organizations no longer have days or weeks to find and stop malicious emails. In contrast to last year, when only 39% of emails were clicked in the first 24 hours, this year that increased to 66%. By the end of the week, 96% of all clicks have occurred.

Social Media Invitations PasséSocial Media Invitations Passé

Social media invitations, the most popular and effective email lures last year, decreased 94% this year. Attachments, rather than URLs, such as message notification and corporate financial alerts, increased 1,000% on some days.

Most Popular Email LuresMost Popular Email Lures

The most popular email lures this year included e-fax, voice mail notifications and corporate and personal financial alerts.

Calculating CrimesCalculating Crimes

Corporate financial lures ranked lowest as measured by click-through rate, but they deliver the highest yield. Attackers are doing expected-value calculations–delivery rate X payoff–and are counting on a click’s high value to compensate for the lower overall click-through rate.


To detect advanced malware, get malware analysis technology that uses a combination of techniques to evaluate advanced threats. Deploy solutions that leverage cloud-based big data analytics to “predictably detect” malicious URLs in unsolicited emails and block clicks before they lead to compromise.

More SolutionsMore Solutions

Deploy comprehensive security that leverages an agentless, cloud-based service with URL intelligence that protects users no matter when or where they click that URL.

Karen A. Frenkel
Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles