1 Indian firm receiving 5 spear-phishing emails per day: Report

New Delhi, May 30

One Indian organisation receives five highly-personalised spear-phishing emails per day and users at companies with more than a 50 per cent remote workforce are witnessing higher levels of suspicious emails, a report has revealed.

India has the highest number of suspicious emails per day and 53 per cent of Indian firms were victims of spear-phishing in 2022 and on average, 24 per cent had at least one email account compromised through account takeover, according to IT security firm Barracuda Networks.

On average, organisations take nearly 100 hours to identify, respond to and remediate a post-delivery email threat.

Meanwhile, India organisations take 67 hours to detect the attack and 53 hours to respond and remediate after the attack is detected.

"Even though spear phishing is low volume, with its targeted and social engineering tactics, the technique leads to a disproportionate number of successful breaches, and the impact of just one successful attack can be devastating," said Fleming Shi, CTO, Barracuda.

About 63 per cent of Indian respondents that experienced a spear-phishing attack reported machines infected with malware or viruses, 61 per cent reported having stolen login credentials or account takeover and 56 per cent reported having sensitive data stolen, the report noted.

Spear phishing is a highly-personalised form of email attack.

Spear-phishing emails typically try to steal sensitive information, such as login credentials or financial information, which is then used to commit fraud, identity theft, and other crimes.

Spear-phishing attacks make up only 0.1 per cent of all email based attacks, according to Barracuda data, but they are responsible for 66 per cent of all breaches, the findings showed.

"Users at companies with more than a 50 per cent remote workforce report higher levels of suspicious emails -- 12 per day on average, compared to 9 per day for those with less than a 50 per cent remote workforce," the findings showed.

Overall, the research revealed that cybercriminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks.

"To help stay ahead of these highly effective attacks, businesses must invest in account takeover protection solutions with artificial intelligence capabilities," said Shi.