Over half of employees in the UK and US have admitted falling victim to a business email compromise attack, according to new research.
A study from Tessian, which surveyed 1000 working professionals in the UK and 1000 in the US, found that 52 per cent have fallen victim to a spear phishing email where a cybercriminal has pretended to be a senior executive. This is up from 41 per cent in 2020.
The research explored the cyber security impacts of hybrid working, 18 months after another report from the company was published.
However, the number of employees who fell victim to a phishing attack in which a cybercriminal impersonated a well-known brand declined during the same period.
“The attacker knows more about their target than the target knows about the attacker and they’ll use that asymmetry to craft more targeted attacks and make their targets like them and trust them more,” said Jeff Hancock – Harry and Norman Chandler professor of communication at Stanford University. “Attackers will also leverage the core principles of influence such as social proof, and a strong version of social proof is one that invokes authority.
“As humans, we are deferential to authority so if our default is to ‘do what the boss says’, and a cybercriminal impersonates a senior executive at the company, it increases the probability that the attack will work.”