The cybersecurity firm Proofpoint just released its 2022 edition of the Human Factor Report, which focuses on the lures and techniques that threat actors use to fool individuals into performing a certain activity and compromising an organization’s cyber defenses. Among many other findings, the report details how threats emanating from email continue to plague organizations. Specifically, the difference in email attacks containing malicious attachments versus malicious links. Email attacks containing malicious links were three to four times more common than attachment-based attacks. However, based on Proofpoint’s data, users are twice as likely to download a malicious file versus clicking on a malicious link.

In addition, the report highlights a rising trend in telephone-oriented attack delivery (TOAD) incidents. These attacks involve sophisticated social engineering wherein an adversary persuades a victim to call a number to fool them into providing them remote access or downloading malware. Proofpoint’s data shows more than 100,000 attempts to conduct TOAD attacks occur every day. Finally, the report also demonstrates that users with high privilege access are regularly exploited by threat actors to gain control over an organization’s network. Indeed, the 10 percent of users classified as administrators or managers in the dataset represented almost 50 percent of users who are at the most severe risk of attack. Read more at Proofpoint.