TechRepublic reports that risky cybersecurity behaviors have been disclosed by 55% of U.S. workers, with 26% clicking email links redirecting to suspicious sites and 17% having their credentials accidentally compromised.
Proofpoint researchers discovered that only 50% of employees were able to correctly determine phishing, as smishing attempts, which leverage text messages, increased by more than twofold in 2021. Moreover, phone call-based phishing attacks have also risen, with more than 100,000 daily telephone attack attempts reported last year.
The report also showed that stolen credentials have been increasingly used in email-based phishing attacks, which often involve threat actors spoofing corporate executives. More attackers have also been engaging in email thread hijacking, according to researchers.
"Unlike a random, unknown address, a victim is more likely to believe an email is legitimate if its coming from their boss. We have seen these tactics employed to falsely solicit bank transfers and invoice payments, all because the request was coming from the email of a known employee from inside the organization," said Proofpoint Executive Vice President of Cybersecurity Strategy Ryan Kalember.