Nearly every organization uses email daily, meaning ensuring email security is a top priority. Email threats were analyzed in a report by Abnormal Security. The report saw file-sharing phishing volume more than triple, increasing 350% over the year. Sixty-percent of the attacks exploited legitimate domains, most commonly webmail accounts, such as Gmail, iCloud, and Outlook; productivity and collaboration platforms; file storage and sharing platforms like Dropbox; and e-signature solutions like Docusign.
The finance industry was found to be most at risk, with file sharing phishing attacks making up one in 10 attacks. As financial institutions rely on file-sharing platforms to securely exchange documents, attackers have ample opportunities to slip in a fraudulent file-sharing notification among the sea of invoices, contracts, investment proposals, and regulatory updates. The second most vulnerable industry was construction and engineering, followed by real estate and property management companies.
Business email compromise (BEC) attacks grew by more than 50% over the last year, with attacks on smaller organizations jumping nearly 60% in the last half. Forty-one percent of customers were targeted by VEC each week in the first half of 2024, a slight increase over the 37% targeted in the second half of 2023.
Construction and engineering firms, as well as retailers and consumer goods manufacturers, were most vulnerable to VEC attacks, with 70% of organizations receiving at least one VEC attack in the first half of the year.