20% Of Organizations Have Compromised Microsoft Office Accounts
Cybercriminals sent out three million messages from more than 12,000 accounts in 2021, according to the report. What’s more, their attempts to defraud businesses and individuals are not slowing down in 2022. In fact, according to new data from Barracuda, several types of fraudulent attacks are seeing a swift uptake in users. This is a growing concern for businesses that have struggled since the beginning of the pandemic to stem the tide of attacks against their infrastructure.
According to Barracuda’s latest report, about 20% of organizations have found at least one Microsoft Office 365 account to be compromised, and about half of phishing attacks (57%) impersonate the Microsoft brand. Nearly half a million (500,000) Microsoft accounts were compromised by cybernasties in 2021.
SMBs More Likely To Be Targeted By Cybercriminals
One thing that is new with cybercriminals: the focus on smaller businesses. According to Barracuda’s report, SMBs with fewer than 100 employees receive about 350% more social engineering attacks than larger enterprises. This should serve as a warning to SMBs to up their security game and increase education efforts for employees so that fraudulent attacks are more easily spotted.
“Email protection that relies on rules, policies, allow or block lists, signatures, and other types of traditional email security are no longer effective against the constantly evolving threat of socially engineered attacks,” write the report authors. “Hackers use a combination of tactics to trick their users into taking an action, such as giving up their credentials so that the attackers can get access to the company’s environment, sharing sensitive information that could be sold or used for further attacks, or simply sending a payment, gift cards, or a money transfer.”
Phishing Tops Fraud List Against Businesses
Phishing attacks continue to be the most prevalent against businesses, making up about 51% of fraudulent emails. However, more than one-third (37%) of cybercriminals are using extortion as an attempted fraud method, and about 10% are using BEC – Business Email Compromise – methods.
BEC attacks typically are fraudulent emails that impersonate a legitimate email or sender, but can be sent from either inside or outside of an organization.
How To Protect Your Business Against Fraudsters
Experts with Barracuda say the best defense against fraudsters remains a good offense. They say using artificial intelligence to help detect spear-phishing attacks, utilizing account takeover protections, and using multi-factor authentication remain the top ways that businesses – both small and enterprise level – can protect themselves against fraudulent attacks.
Better education of employees also helps, especially with the growing number of impersonation and account takeover attempts being made.