Human targeted attacks continued to lead the pack in 2016. Attackers’ used automation and personalisation to increase the volume and click-through rates of their campaigns. Taking a page from the B2B e-marketer’s playbook, cyber criminals are adopting marketing best practices and sending their campaigns on Tuesdays and Thursdays when click-through rates are higher. Meanwhile, BEC and credential phishing attacks targeted the human factor directly--no technical exploits needed. Instead, they used social engineering to persuade victims into sending money, sensitive information and account credentials.
Timing is everything—attackers know that hitting your employees with a well-crafted email at the just the right time produces the best results. Of course, this varies by region. So if you are responsible for worldwide SecOps, you need visibility into not only attack patterns but also when and which employees tend to click.