How Cyber Criminals Choose Their Phishing Targets and Method of Attack

By Axis Marketing

lock on keyboard

Both phishing and spear-phishing scams can affect anyone. Phishing attacks are more expansive and don’t necessarily have a psychology behind who is attacked. Spear-phishing attacks, however, are more thought out and planned.

These attacks often have one of two targets: individuals or employers.



Cyber criminals target individuals because they are the easiest to compromise and the most susceptible to phishing attacks. This is because many people aren’t tech-savvy or educated on how to spot phishing emails.

In addition, individuals are attractive to hackers because they usually have a credit card or bank account. Phishers can gain a variety of sensitive information from an individual, including social insurance numbers, banking information, or eBay, Facebook, PayPal and Venmo credentials.

With this data in hand, cyber criminals can steal money or even identities with ease.



For employers, every one of their employees represents a potential exposure to phishing attacks. In fact, a skilled scammer could easily trick employees at every level of the organization. This puts a company’s financial information, trade secrets, confidential documents and network at risk.

Employers are often the target of highly focused spear-phishing campaigns as well. Using names and contact information easily retrieved from company websites, cyber attackers create convincing emails to fool employees.

In these attacks, scammers use job responsibilities, company details and co-workers’ names to lure users into spear-phishing attempts, giving hackers all they need to access company systems. Executives are not exempt either and might actually be easier targets, as their information is more widely available to the public on social media sites and company websites.

Targets of these attacks will typically vary based on a phisher’s motives and the type of data they’re after. While financial gain is often the primary driver for phishing attacks, stealing internal corporate data, leaking trade secrets or committing corporate espionage are also common goals.

Employers of all sizes and industries are at risk; however, online payment services, internet-based financial businesses and retail sites are among the most targeted sectors.



Cyber Assessments:

With the increased usage of technology in people’s lives to stay connected while mostly working from home, cybersecurity threats have also become a growing issue and require proper assessments to manage any security gaps and risks that can harm your business.

Therefore, it’s important to conduct proper cyber assessments to mitigate the possibility of having your company’s cybersecurity system breached.

Get a FREE Cyber Risk Assessment to see if you're properly protecting your business from cyber risks:

Get Your Assessment


Tags: Cyber

Let's Talk

At Axis we provide all lines of commercial and personal insurance. We would love to speak with you.