A new report from cybersecurity firm Avanan found that their customers in the IT, healthcare and manufacturing industries were facing the highest number of phishing emails.
The most attacked industries are IT, healthcare, and manufacturing. IT saw over 9,000 phishing emails in a one month span, out of an average of 376,914 total emails. Healthcare saw over 6,000 phishing emails out of an average of 451,792 total emails and manufacturing saw just under 6,000 phishing emails out of an average of 331,184 total emails.
“With hospitals around the world being hit with ransomware attacks and manufacturers experiencing supply chain disruption due to cyber attacks, the Avanan research shows that hackers are using one of the most basic tactics to get in — phishing attacks,” says Gil Friedrich, CEO and co-founder of Avanan.
Avanan researchers also noted the Junk Email folder in many inboxes has become a haven for phishing emails, confusing many users who look through their Junk folders for marketing emails and subscriptions.
The report said SCL scores of 5,6, and 9 will be sent to a Microsoft user’s Junk folder, leaving them alongside more legitimate emails offering deals and other things.
“You now have monthly subscriptions, newsletters, and targeted phishing attacks in your spam folder, and you have to leave it up to the end-user to decide which ones are safe to open,” one unnamed CIO told Avanan researchers.
The same happens for Google users but Microsoft users see 89% more emails in Junk than Google does, according to the report
Phishing and credential harvesting attacks continue to be the main reasons for spoofing. Credential harvesting, 54% of all phishing attacks, is up almost 15% compared to 2019. 20.7% of all phishing attacks are Business Email Compromise (BEC) and only 2.2 % of phishing attacks are extortion.
There also appears to have been a move away from targeting top executives. Now, 51.9 percent of all phishing emails attempt to impersonate a non-executive in the organization. In fact, non-executives are targeted 77 percent more often.
Misconfiguration is also playing an increasingly important role in phishing. More than eight percent of phishing emails ended up in the user’s inbox simply due to incorrect permission or block list settings, a five percent increase from last year and 15.4 percent from email attacks are on an allowed list.