© ContactCenterWorld.com
Response-Based Email Threats Targeting Corporate Inboxes Are The Highest Since 2020, According To HelpSystems #contactcenterworld From April through June, researchers at Agari and PhishLabs analyzed hundreds of thousands of phishing and social media attacks targeting enterprises and their employees. The report uses the data from those attacks to present key trends shaping the threat landscape. A response-based threat is a social-engineering attack that relies on victims responding through a chosen channel of communication, and comprises methods such as phishing (targeting victims over email), vishing/smishing (over a voice call or an SMS text message) and advance-fee fraud where victims are tricked into sending an upfront-fee in exchange for a larger sum of money – also known as a 419 or Nigerian scam. According to the report, advance-fee scams represented 54 percent of all response-based email threats in Q2. This threat type has seen a 3.4 percent increase in share of reports so far in 2022, and routinely occupies the majority of response-based attacks. Business Email Compromise (BEC), where threat actors pose as a trusted source, such as a company employee or third-party contractor, also experienced an increase in Q2, contributing to 16 percent of overall attack volume. And while the share of attacks was down from Q1 among other threats within the response-based category, hybrid vishing (email-initiated voice phishing) attacks also increased by volume, reaching a six-quarter high in Q2, increasing 625% in volume from Q1 2021. "Response-based attacks consistently represent a significant portion of phishing volume, which highlights the fact that social engineering tactics continue to prove effective for criminals," said John Wilson, Senior Fellow, Threat Research at HelpSystems. "We’ve seen threat actors continue to adapt 419, vishing, and BEC lures, so it is clear that most threat actors aren’t reinventing the wheel, but instead relying on new variants of the same socially engineered threats that have proven successful in the past." Additional Key Findings
"While most reported emails are typically not malicious, the proactive identification and reporting of suspicious emails is critical to keeping enterprises secure from credential theft, response-based, and malware attacks. Going forward, security teams should counteract the attack footprint by investing in cross-channel monitoring and partnerships with technology providers where abuse may occur," concludes Wilson. #contactcenterworld Date Posted: Monday, August 15, 2022 About ContactCenterWorld.com ContactCenterWorld.com is the world's premier on-line resource for the call and contact center industry. This article is one of hundreds available on-line to registered members. Our resource is updated every working day and includes content from every corner of the world. If you are not a registered member go to www.ContactCenterWorld.com and register today. |