New Research from Abnormal Security Shows Rise in Credential Phishing Attacks with 265 Brands Impersonated in First Half of 2022

Abnormal Security, the leading AI-based cloud-native email security platform, today released its H2 2022 Email Threat Report. The report explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise and the rise of brand impersonation in credential phishing attacks.

“By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”

The latest Abnormal research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.

Marketing Technology News: Influencer Market: Brands are Getting More Creative and Taking Help of Micro Influencers to Achieve…

“The vast majority of cybercrime today is successful because it exploits the people behind the keyboard,” said Crane Hassold, director of threat intelligence at Abnormal Security. “By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”

LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cybercriminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.

Additional findings from the report include:

  • Over a third of credential phishing attacks involving brand impersonation targeted educational institutions and religious organizations.
  • There was a 150% year-over-year increase in BEC attacks, showcasing the increased threat of these most financially-damaging attacks.
  • BEC attacks target every industry, but advertising and marketing agencies remain the most at risk with an 83% chance of receiving a BEC attack each week.
  • Financial supply chain compromise is continuing at a steady pace and targeting nearly every size organization, with 89% of large enterprises receiving at least one vendor attack each week.

“We know that email attacks target organizations of all sizes across all industries, but this data continues to reiterate that point. Brand impersonation is particularly worrisome for cybersecurity leaders, since the most sophisticated attacks are incredibly difficult to differentiate from a legitimate email from that brand,” stated Mike Britton, chief information security officer at Abnormal Security. “As we see this trend continue to increase across the threat landscape, organizations should look to add security solutions that can detect these attacks, even when they come from legitimate domains and use never-before-seen links.”

Marketing Technology News: MarTech Interview With Mike Peralta, VP and GM of T-Mobile Advertising Solutions

Brought to you by
For Sales, write to: contact@martechseries.com
Copyright © 2024 MarTech Series. All Rights Reserved.Privacy Policy
To repurpose or use any of the content or material on this and our sister sites, explicit written permission needs to be sought.