Email Impersonation Attacks Reach All-Time High

Uploaded on 2023-08-07 in NEWS-Cybersecurity News, FREE TO VIEW

Malicious emails have reached a crescendo in 2023 according to the latest report from cybersecurity and software services provider FortraEmail impersonation threats such as BEC currently make up nearly 99% of threats, and of those 99% of threats observed in corporate inboxes are response-based or credential theft attacks.

Email impersonation threats are proving to be the most difficult to block as social engineering helps cyber criminals successfully deceive both end users and the security tools designed to protect them.

Other key findings from the research compiled by Fortra’s email security group, which includes Agari, Clearswift and PhishLabs, reveal:

  • More than 60% of email threats impersonated a well-known brand name such as Microsoft or Google.
  • 36% of email display names are altered to a more granular level and pose as specific individuals.
  • Google is the most abused email platform (67.5% of recorded attacks in 2023), with Microsoft following close behind (18.3%).
  • BEC actors are moving toward intercepting payments. Instead of asking for an explicit amount, attackers ask for an unspecified sum owed.
  • Office 365 phishing attack volumes have doubled since Q4 2022.
  • The fundamentals of BEC attacks remain largely the same, but optimised tactics are improving success rates.
  • Generative AI is trending among cybercriminals. ChatGPT, and other such language models, are giving criminals the tools to craft well-written messages at scale and avoid the poor spelling and grammar that frequently mark phishing attacks.  

Senior Fellow, Threat Research at Fortra, John Wilson, said, “It isn’t hard to find someone who has fallen victim to email impersonation attacks. Social engineering combined with advancing technology such as generative AI has made attacks more advanced and harder to spot.

“Organisations must rethink how to defend against such threats. For instance, consider if your security awareness training explores enough of current impersonation techniques, as well as how applying algorithms through machine learning can help to detect anomalies and patterns in order to accurately detect signatureless email threats at scale.”

Fortra:     Agari:     Image: Brett Jordan

You Might Also Read: 

Phishing – It’s Not About Malware (Or Even Email):

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Only Half Of Citizens Are Happy With Digital Public Services
British Universities Vulnerable To Credentials Fraud »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

Privakey

Privakey

Transaction Intent Verification. Privakey delivers a secure channel to streamline high risk transactions, enabling digital trust between services and their users.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

Cyber Command - Romania

Cyber Command - Romania

Cyber Command represents the military authority responsible for the development, protection and resilience of military IT networks and services that support the Romanian Force Structure.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

CloudScale365

CloudScale365

CloudScale365 offers state-of-the-art managed IT services and cloud, hosting, security, and business continuity solutions.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.

ArmorX AI

ArmorX AI

ArmorX AI (formerly Kapalya) operates an encryption management platform designed to encrypt all data in transit and at rest on mobile end-points, corporate servers, and cloud servers.

Skylark

Skylark

Skylark is a leading global IT services provider, transforming client’s businesses through innovative and advanced technology solutions.