Spear phishing email attacks remain a top problem for businesses, according to the 2019 State of The Phish Report published by Proofpoint, a cybersecurity vendor. Sixty-four percent of information security professionals Proofpoint surveyed said their organizations had experienced a spear phishing attack last year. Spear phishing emails are those sent to specific individuals to gain sensitive information and often target small to midsized businesses.
Some companies want to educate employees about these scams, so they participate in educational programs that include sending simulated phishing emails to their employees and tracking open and clickthrough rates. Based on data from its customers sending simulated spear phishing emails, Proofpoint found four types of messages that recipients are vulnerable to.
- Corporate emails, which are notices related to mailbox notifications, benefits enrollment, invoices, or other confidential human resources information.
- Consumer emails, which mimic familiar emails about store discounts, social media notifications, membership renewal, and so forth.
- Commercial emails, which are business emails related to work, such as tracking confirmations, wire-transfer requests, and payment confirmation.
- Cloud emails, which encourage the recipient to download or edit a document in cloud storage.
The report points out that email spear phishing typically targets people and isn’t about installing malware or gaining access to a computer network. That’s why you should become familiar with common email phishing practices and warn your clients about their heightened potential to receive suspicious emails related to their real estate transactions.