More than nine in 10 (92%) organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023, according to a new report by Barracuda.
Scamming and phishing continued to make up the vast majority (86%) of social engineering attacks last year.
There were some notable trends in how attackers are targeting users via social engineering techniques:
- Conversation hijacking: This is where attackers compromise business accounts through phishing attacks, and then monitor the compromised account to understand business operations and to learn about deals in progress, payment procedures and other details. This information is leveraged to craft authentic-looking and convincing messages from the impersonated domains to trick victims into wiring money or updating payment information. Conversation hijacking only made up 0.5% of social engineering attacks in 2023, but this represents a nearly 70% rise compared to 2022.
- Business email compromise (BEC): These attacks, in which the hacker typically impersonates an execute to trick employees to transfer money, often via gift cards and wire transfers, made up 10.6% of social engineering attacks last year, up from 8% in 2022.
- Extortion: These attacks involve hackers threaten to expose sensitive or embarrassing content to their victims’ contacts unless a ransom is paid out. Extortion attacks made up 2.7% of the total social engineering attacks in 2023.
Tags:
No tags.
