

By John Leyden, 22nd April 2015 06:01

It's official: David Brents are the weakest link in phishing attacks

Middle managers are infosec's biggest problem, says study

Middle management are increasingly becoming the focus of phishing attacks, according to a new study.

Managers received more malicious emails and doubled their click rates year-on-year, according to a study by security company Proofpoint.

Senior staff seemed more clued up about dodgy emails, meaning managers and staff clicked on links in malicious messages two times more frequently than executives.

Proofpoint’s Human Factor Report study provides details on the percentage of malicious links in emails that actually get clicked on, and the industries and job roles that are most heavily targeted with phishing.

On average, one of every twenty-five malicious messages delivered is clicked by users. The volume of messages an organisation receives has little to no impact on the click rate: every organisation clicks, and the rate of clicking for an organisation was never zero.

All industries are being targeted with malicious messages, but workers in banking and finance received more than their fair share (41 per cent more than the average). Elsewhere, the higher value of personal health records and insurance cards on the black market is pushing hackers towards targeting organisations in health care and insurance.

Intellectual property theft and the opportunity for direct financial transfers mean cybercriminals are attacking previously untouched sectors such as manufacturing, shipping, energy, utilities and even construction.

While malicious messages are largely targeted very evenly across organisational departments, staff in sales, finance and procurement departments clicked on links in malicious messages 50-80 per cent more often than the average departmental click rate. Attackers are targeting corporate financial users with access to payments and funds transfers, rather than indiscriminately spamming all and sundry.

The most-clicked email lures were communication notification lures such as e-fax and voicemail message alerts. Use of social media invitation and order confirmation lures – the most popular and effective email lures last year – decreased dramatically. Email lures that employ attachments rather than URLs, such as invoice and account statement lures, increased significantly as a vector of hacking attacks.

The majority of malicious messages are delivered during business hours – peaking on Tuesday and Thursday mornings – and Tuesday is the most active day for clicking, with 17 per cent more clicks than the other weekdays. ®
