Security researchers identified a 48% increase in cyberattack attempts targeting email accounts in the first six months of 2022.
The H2 2022 Email Threat Report from Abnormal Security explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise and the rise of brand impersonation in credential phishing attacks.
The report found a 48% increase in email attacks over the previous six months, with 68.5% of those attacks including a credential phishing link. In addition to posing as internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails, relying on the brands' familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.
LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cybercriminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.
Additional findings from the report include:
- Over a third of credential phishing attacks involving brand impersonation targeted educational institutions and religious organizations.
- There was a 150% year-over-year increase in BEC attacks, showcasing the increased threat of these most financially-damaging attacks.
- BEC attacks target every industry, but advertising and marketing agencies remain the most at risk with an 83% chance of receiving a BEC attack each week.
For more report findings, click here.