Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

More than half of employees admit falling victim to a Business Email Compromise attack in last year

 

London, 14 June 2022 – 52 per cent of employees have admitted to falling victim to a Business Email Compromise (BEC) attack, according to Tessian’s 2022 Psychology of Human Error report.

Email security provider Tessian teamed up with academics from Stanford University to observe the cyber security impacts of hybrid working, 18 months on from their previous report in 2020.

Their research found that BEC attacks have become increasingly successful, with more than half of employees (52 per cent) falling victim to a spear phishing email where a cybercriminal impersonated a senior executive, up from 41 per cent in 2020. Conversely, the percentage of employees who fell victim to a phishing attack whereby a cybercriminal impersonated a well-known brand dropped.

Jeff Hancock, Harry and Norman Chandler Professor of Communication at Stanford University, who contributed to the report, explained: “Attacks are becoming more sophisticated because there is so much information about ourselves online now. The attacker knows more about their target than the target knows about the attacker and they’ll use that asymmetry to craft more targeted attacks and make their targets like them and trust them more.

Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking and Finance Review, Alpha House, Greater London, SE1 1LB, https://www.globalbankingandfinance.com/. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

“Attackers will also leverage the core principles of influence such as social proof, and a strong version of social proof is one that invokes authority. As humans, we are deferential to authority so if our default is to ‘do what the boss says’, and a cybercriminal impersonates a senior executive at the company, it increases the probability that the attack will work.”

It was also reported that just over one in four employees, 26 per cent, had fallen for a phishing scam at work in the last 12 months, rising slightly from 25 per cent in July 2020. Interestingly, younger employees were found to be five times more likely to click on phishing emails at work than older employees, with 39 per cent of 18-24-year-olds admitting to falling victim.

People were also susceptible to phishing attacks over SMS (smishing), with one-third of respondents being duped by a smishing request in the last 12 months, compared to 26 per cent of those who fell for phishing scams over email. Older employees were more susceptible to smishing attacks; one-third of respondents aged over 55 complied with requests in smishing scam versus 24 per cent of 18-to 24-year-olds.

Josh Yavor, Chief Information Security Officer at Tessian, said: “As the threat landscape continues to evolve, and employees are targeted by more sophisticated and convincing email and smishing attacks, security leaders need to create a culture that builds trust and confidence among employees and improves security behaviours, by providing people with the support and information they need to make safe decisions at work.”

Recent Post: