Ryan Harnedy
Jul 2016

Meet the Biggest Phishing Targets in Your Office


Give a man a fish and you feed him for a day. Teach a cyber criminal to phish, and it can wind up costing companies almost $4 million per year.

The rise of spear phishing has enabled cyber crooks to tailor their attacks to specific departments, teams, and employees within a company. The focused nature of these attacks enables phishers to develop more personalized messages that can be significantly more convincing as well as damaging.

Before you can begin reducing your risk of phishing attacks you must first understand who phishing attacks target and what cyber criminals hope to gain from them.

Who are the Biggest Spear Phishing Targets at Your Office?



1) Executives

Why they're targeted:

Executives are habitually busy and no strangers to urgent requests. Phishers rely on them not having the time to closely inspect each email they get as they rush from one meeting to the next.

Phishing attacks on executives typically take the form of a request for confidential information from someone they know or do business with regularly.

How you can help:

Executives love to be reminded how important they are. If you explain to them that it’s their high value that makes them so likely to be phished, they’ll be much more receptive to training that will make them less likely to get caught in a phishing scam.

Phishers who target executives will often utilize publicly-available information they get from social media sites to help make their emails look more convincing. Coach your executives to limit the amount of private information they share online, and not to trust an email just because the sender references information that can be found online.



2) Administrative Assistants

Why they're targeted:

Keepers of the calendar and phenoms of the phone screen, administrative assistants handle all of the behind-the-scenes scheduling, organizing, and gatekeeping that enables executives to do their jobs.

Because of this close association with executives and access to their accounts, admins are some of the most highly-prized phishing targets at your company. Attackers view them as softer targets who can still give up the keys to the kingdom.

Phishing attacks on administrative assistants usually take the form of a request from another executive or a vendor they do business with. As an example, an email can instruct the admin that an exec has already approved a request and the admin just has to click on a link or send along extra information.

How you can help:

Administrative assistants are very protective of the executives they report to, and they hate to feel like they’re wasting the boss’ time. They’re people who help other people for a living, so the best way to reinforce the importance of avoiding phishing attacks is to remind them that being a little proactive now can save everyone time and major headaches down the line.

Admins are also typically people who thrive on schedules, to-do lists, and process. Providing a clear procedure for how to deal with suspicious emails will appeal greatly to these folks, and will make it much more likely that they'll stay vigilant and avoid getting phished.


3) Salespeople

Why they're targeted:

Salespeople are always chasing the next deal. The average day for a salesperson involves a large number of small tasks — making calls, sending quotes, meeting clients, and closing deals. They're always on the lookout for emails from prospective customers, and will reply quickly to any incoming email or phone call.

Spear phishers can target salespeople by impersonating a prospective customer and telling them that they need to visit a site or download a file because it’s part of the buying process. Salespeople tend to be people-pleasers, so they’re less likely to check to make sure the site is secure or the attachment isn’t infected before they click.

How you can help:

For salespeople, time is money. Reminding them about the downtime a phishing attack can cost them is one of the most effective ways to get them to understand the importance of guarding against these attacks.

Some varieties of ransomware require macros to be enabled in order to work. Disabling macros across your network will also help keep a salesperson from accidentally executing a ransomware program.
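To confirm that a macro-disabling policy has actually reached a user's machine, you can read the values Group Policy writes to the registry. The script below is an added example, not part of the original article; it assumes Office 2016 or later (registry version key `16.0`) and per-user policy settings, and its "Hardened" column reflects a judgment made for this example rather than an official rating.

```powershell
# Added example: report the effective Office macro policy for the current user.
# Assumption: Office 2016 or later, which stores policy under the 16.0 key.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

# Meaning of the VBAWarnings policy value
$vbaWarningsMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification (user can still click Enable Content)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

$report = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"

    # A missing key means no policy was applied; treat it as "not set" rather than an error
    $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $vba = $values.VBAWarnings
    $blockInternet = $values.blockcontentexecutionfrominternet

    [pscustomobject]@{
        Application         = $app
        MacroPolicy         = if ($null -ne $vba) { $vbaWarningsMeaning[[int]$vba] }
                              else { 'Not set by policy (user controls the setting)' }
        # 1 = macros in files that came from the Internet (email, downloads) are blocked
        BlockInternetMacros = ($blockInternet -eq 1)
        # Example's own criterion: the user cannot enable an unsigned macro from an emailed file
        Hardened            = ($vba -in 3, 4) -or ($blockInternet -eq 1)
    }
}

$report | Format-Table -AutoSize
```

Any application that shows `Hardened` as `False` still lets the user enable a macro in an emailed attachment with a single click.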


4) Human Resources

Why they're targeted:

By their very nature, members of the HR team are people who like helping others. Their role is often built around sharing information, and they have access to a lot of it. Payroll data, W-2s, employee benefits information, the list goes on.

Phishers can take advantage of this by posing as an employee looking for help accessing their own info, or a high-level executive asking for large amounts of confidential information.

How you can help:

HR is a job that appeals to “people people.” Take some time to remind them of the potential harm phishing attacks can cause other team members if they aren’t vigilant.

You should also periodically remind members of the HR team that any requests they receive from an employee asking for sensitive information should be verified either over the phone or face to face.


How to Take the Next Step & Protect Employees from Spear Phishing

Training users to be aware of, and avoid, phishing attacks is a crucial step in preventing data breaches, malware infections, and ransomware attacks. If you’d like to learn more about how phishers target your users and what you can do to keep your company from getting caught in a phish fry, download our Phishing Field Guide: How to Keep Users Off the Hook.

Photos by Benjamin Child, Laura Cummings, Fort Carson

Ryan Harnedy

Ryan writes about how to make cybersecurity make sense to end users and keep employees safe from ransomware, malware, and phishing attacks. He enjoys decoding buzzwords and sharing security tips that users might actually follow.

