Email Impersonation Attacks Reach All-Time High
Malicious emails have reached a crescendo in 2023 according to the latest report from cybersecurity and software services provider Fortra. Email impersonation threats such as BEC currently make up nearly 99% of threats, and of those 99% of threats observed in corporate inboxes are response-based or credential theft attacks.
Email impersonation threats are proving to be the most difficult to block as social engineering helps cyber criminals successfully deceive both end users and the security tools designed to protect them.
Other key findings from the research compiled by Fortra’s email security group, which includes Agari, Clearswift and PhishLabs, reveal:
- More than 60% of email threats impersonated a well-known brand name such as Microsoft or Google.
- 36% of email display names are altered to a more granular level and pose as specific individuals.
- Google is the most abused email platform (67.5% of recorded attacks in 2023), with Microsoft following close behind (18.3%).
- BEC actors are moving toward intercepting payments. Instead of asking for an explicit amount, attackers ask for an unspecified sum owed.
- Office 365 phishing attack volumes have doubled since Q4 2022.
- The fundamentals of BEC attacks remain largely the same, but optimised tactics are improving success rates.
- Generative AI is trending among cybercriminals. ChatGPT, and other such language models, are giving criminals the tools to craft well-written messages at scale and avoid the poor spelling and grammar that frequently mark phishing attacks.
Senior Fellow, Threat Research at Fortra, John Wilson, said, “It isn’t hard to find someone who has fallen victim to email impersonation attacks. Social engineering combined with advancing technology such as generative AI has made attacks more advanced and harder to spot.
“Organisations must rethink how to defend against such threats. For instance, consider if your security awareness training explores enough of current impersonation techniques, as well as how applying algorithms through machine learning can help to detect anomalies and patterns in order to accurately detect signatureless email threats at scale.”
Fortra: Agari: Image: Brett Jordan
You Might Also Read:
Phishing – It’s Not About Malware (Or Even Email):
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible