Spear Phishing: Top Threats and Trends

Cybersecurity for All Industries

Cybercriminals are constantly refining their tactics and making their attacks more complicated and difficult to detect. In the report Spear Phishing: Top Threats and Trends, Barracuda researchers share their insights on the most recent trends and the new methods attackers are using to trick their victims. Read the full report here.

Here are some key stats to highlight the importance of a strong cybersecurity strategy:

  • 51% of social engineering attacks are phishing
  • Conversation hijacking grew almost 270% in 2021
  • An average employee of a small business with fewer than 100 employees will receive 350% more social engineering attacks than an employee of a larger enterprise
  • Microsoft is the most impersonated brand, used in 57% of phishing attacks
  • 1 in 5 organizations had an account compromised in 2021
  • Cybercriminals compromised approximately 500,000 Microsoft 365 accounts in 2021

Education, healthcare, commercial manufacturing, hospitality — organizations from every industry fell victim to cyber-attacks, losing millions of dollars in recent years. What is the most common way these organizations are being infiltrated? Even though organizations can stop millions of attacks, email threats are still succeeding because they are becoming increasingly complex and sophisticated. A significant shift is underway as cybercriminals move from volumetric to targeted attacks, from malware to social engineering, from operating as single hackers to forming organized criminal enterprises profiting from attacks that begin with a single phishing email.

Researchers at Barracuda have identified 13 email threat types faced by organizations today. These range from high-volume attacks, such as spam or malware, to more targeted threats that use social engineering, such as business email compromise and impersonation. Of these, social engineering emails are the most common. Here are the top 5 threats in today’s workplace:

  1. Business email compromise, or BEC, attacks usually involve impersonating an individual either inside or outside of an organization. In 2021, these attacks made up 9% of all the socially engineered attacks.
  2. Phishing impersonation attacks will usually pose as emails from a well-known brand or service in order to trick victims into clicking on a phishing link. Almost all the attacks will include a malicious URL. These attacks make up 51% of all socially engineered threats in the past year.
  3. Extortion attacks make up only 2% of the total number of targeted phishing attacks. These attacks were mostly sextortion email threats, where hackers threaten to expose sensitive or embarrassing content to their victim’s contacts unless a ransom is paid.
  4. Scamming attacks can take many shapes and forms, ranging from claims of lottery wins and unclaimed funds or packages, to business proposals, fake hiring, donations, and other schemes. Scamming attacks tend to be a little less targeted than other types of attacks, but they represent 37% of all social engineering attacks.
  5. Conversation hijacking, also known as vendor impersonation, is a type of targeted email attack in which cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts.

Best Protection Practices

  • Take advantage of artificial intelligence.
  • Deploy account-takeover protection.
  • Monitor inbox rules and suspicious logins.
  • Use multi-factor authentication.
  • Implement DMARC authentication and reporting.
  • Automate incident response.
  • Train staffers to recognize and report attacks.
  • Review internal policies.
  • Maximize data-loss prevention.

Hire Help When Needed

Cybersecurity is just one component of a solid IT Department, and protecting your network against imminent threats needs 24/7 monitoring and proactive response.  When planning your cybersecurity, there are four key segments that must be addressed to ensure your security takes a robust and thoughtful 365-degree approach. This quadrant system is commonly referred to as D.U.N.E processing:

  • Data
  • User
  • Network
  • Endpoint


Global CTI’s RADIANT Managed Services includes a full suite of cyber products to help ensure your network and people stay secure. Download our RADIANT Solution Sheet and learn how we might be of service to you.

Thanks to our partners at Barracuda Networks for sharing their research.
