According to Proofpoint’s 2022 Human Factor report, 55% of U.S. workers admitted to taking a risky action in 2021. Twenty-six percent clicked an email link that led to a suspicious website, 17% accidentally compromised their credentials and only half were able to correctly identify the term phishing.
“The other part to this equation is that threat actors have gotten a lot better at employing social engineering in their attacks,” said Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy. “We see threat actors leverage real life events to solicit an immediate, emotional response, such as with the Ukraine conflict. We also see threat actors employ a combination of email, call centers and live interactions to sell the idea that the communication is legitimate.”
Key to the successful execution of these email-based phishing attacks is trust, the report said. More than ever, hackers today are using stolen credentials to not only gain access to networks and systems but also execute business email compromise and privilege escalation attacks.
No comments:
Post a Comment