According to a Proofpoint study that analyzed 160 billion emails delivered to 2,400 global companies at the end of 2017, 88.8 percent of organizations were targeted by at least one email phishing attack over the past year. This is an increase over its 2016 report conclusion of 75 percent.
In addition, more identities were spoofed in 2017, and almost fifty percent of organizations had more than five spoofed email identities. This is when fraudsters leverage spoofed emails to impersonate individuals within an organization to trick their victims. Proofpoint found that the spoofed emails concentrated on job titles related to finance and/or accounting.
Proofpoint found that social media-themed email phishing attacks were highly successful, and spoofed LinkedIn notifications were the most convincing. Fake LinkedIn emails actually fooled 53 percent of test subjects.
Surprisingly, a PDF is the most common file type used in cyberattacks, according to a report by Barracuda Networks, which found that 41 million malicious PDFs were sent by email over a three month period.
The message is clear: emails continue to pose a high risk to companies and employees must be knowledgeable about the fact that they are being attacked every day and are a high risk to their employer.