Real-life phishing stories demonstrate how any company or individual may become a target and, sadly, a victim. Phishers aren’t too specific about who they want to draw in with their schemes—they often cast as wide a net as possible, dragging in numerous people regardless of their job title, skill, or industry.
Targets aren’t just the upper management of a company; the truth is, anybody can be a victim. Even random targeting can allow phishers to gather sensitive information about anyone online, such as their contact details and financial data, which they will use to their advantage.
Common Targets of Phishing Scams
Employees at all company levels can be scammed, so no one should believe they are immune to being duped by skilled phishers. Scammers may readily obtain company email addresses, organisational hierarchy, and projects that individual teams are working on just by browsing a company’s website or social media page. They might use various names, job duties, and coworkers’ names to trick users into falling for phishing scams and providing the information needed to access business systems.
Higher-ranking CEOs aren’t immune, and their information is more freely exposed to the public, making them easier targets. According to a Cloudmark survey, C-suite executives are often targeted by phishing attempts: 27 per cent of the 300 respondents said their CEOs had been targeted. In comparison, CFO assaults accounted for 17 per cent of the incidents.
Executives have been one of the most targeted groups for years. Thousands of high-ranking executives received what seemed to be official subpoenas by email in the United States District Court in San Diego in 2008, proving that no one is safe from social engineering threats.
Each email was meticulously prepared and featured specific business, name, and phone number information, as well as a file containing a supposed copy of the subpoena, which at least 2,000 executives upon delivery carelessly accessed. The file contained a keystroke logger as well as malware that could remotely manipulate their computers.
One of the issues with phishing threats is that the targets are not always obvious. Instead of selecting specific victims, many phishers instead aim to lure in as many people as possible. For example, a bulk email requesting bank account login credentials might supply the information needed by less competent hackers to earn financial gain by illegal wire transfers or account opening through identity theft.
Phishers also frequently target a company and a specific set of employees (workers, management, executives) in charge of a project or service. The choice will depend on the phisher’s motive, including stealing internal business data and trade secrets.
According to the same Cloudmark survey, the targeted group of employees inside organisations was typically the IT staff (44 per cent) because of their influence over the technical infrastructure and access to data, followed by the finance staff (43 per cent) in charge of everything money-related.
Motives of Phishing Scams
Scammers’ motives might also be different—some attempt to steal personally identifiable information (PII) for financial benefit or to access financial information. There are also reported phishing attacks that attempted to pry into the secrets of industrial giants.
Money and trade secrets aren’t the only reasons for these scams. Social and political considerations are also possible motives, leading phishers to select unpredictable targets. For example, they may be hired to cause a competitor’s reputation to suffer. There is truly no end to what these malicious third parties will do.
Phishing may target every industry and individual, from a business executive to a home social network member or an online banking customer. This is why it’s imperative to take preventive measures against phishing and be very careful about what you do online.
As a leading digital brand protection company, FraudWatch has been protecting client brands around the world since 2003. We provide brand protection against phishing, malware, social media, and mobile apps impersonation. Contact our experts today for all of your digital brand protection needs!