Symantec’s most recent “Internet Security Threat Report” contradicts the idea of corporate CEOs being the biggest targets for cybercriminals. Instead, it’s those who work for high-level executives who are targeted by phishing scams, which are attempts to get someone to open an attachment or share information through a seemingly legitimate email.
Criminals target administrators and PR people because they are the employees who sift through invoices, payment advice and documents or voicemail messages. They are trained to deal with the public, which makes a lot of their information accessible. The report found that more than 50% of email attachments used in phishing attacks contained executable files.
The study also found phishing attempts are becoming more elaborate: In the “Francophoned” attack in France, an administrative assistant to a vice president at a multinational company received an email with a fake invoice attached; moments later, she received a phone call in which someone identifying himself as another vice president instructed her to process the invoice.
Criminals have become clever about their phishing campaigns. The Internet gives them everything they need: a company’s chain of command, email addresses and phone numbers. The study found that public administration was the most commonly targeted sector worldwide: 16% of phishing attacks targeted people who work in public administration. Professional services such as engineering, accounting, legal and health came in second at 15%, and nontraditional services such as amusement and repair were third at 14%.
— Adapted from “Executive assistants the weak spot in corporate security,” Stuart Corner, The Sydney Morning Herald.