Email Impersonation Attacks Reach All-Time High

Uploaded on 2023-08-07 in NEWS-Cybersecurity News, FREE TO VIEW

Malicious emails have reached a crescendo in 2023 according to the latest report from cybersecurity and software services provider FortraEmail impersonation threats such as BEC currently make up nearly 99% of threats, and of those 99% of threats observed in corporate inboxes are response-based or credential theft attacks.

Email impersonation threats are proving to be the most difficult to block as social engineering helps cyber criminals successfully deceive both end users and the security tools designed to protect them.

Other key findings from the research compiled by Fortra’s email security group, which includes Agari, Clearswift and PhishLabs, reveal:

  • More than 60% of email threats impersonated a well-known brand name such as Microsoft or Google.
  • 36% of email display names are altered to a more granular level and pose as specific individuals.
  • Google is the most abused email platform (67.5% of recorded attacks in 2023), with Microsoft following close behind (18.3%).
  • BEC actors are moving toward intercepting payments. Instead of asking for an explicit amount, attackers ask for an unspecified sum owed.
  • Office 365 phishing attack volumes have doubled since Q4 2022.
  • The fundamentals of BEC attacks remain largely the same, but optimised tactics are improving success rates.
  • Generative AI is trending among cybercriminals. ChatGPT, and other such language models, are giving criminals the tools to craft well-written messages at scale and avoid the poor spelling and grammar that frequently mark phishing attacks.  

Senior Fellow, Threat Research at Fortra, John Wilson, said, “It isn’t hard to find someone who has fallen victim to email impersonation attacks. Social engineering combined with advancing technology such as generative AI has made attacks more advanced and harder to spot.

“Organisations must rethink how to defend against such threats. For instance, consider if your security awareness training explores enough of current impersonation techniques, as well as how applying algorithms through machine learning can help to detect anomalies and patterns in order to accurately detect signatureless email threats at scale.”

Fortra:     Agari:     Image: Brett Jordan

You Might Also Read: 

Phishing – It’s Not About Malware (Or Even Email):

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Only Half Of Citizens Are Happy With Digital Public Services
British Universities Vulnerable To Credentials Fraud »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

Armorblox

Armorblox

Armorblox stops targeted email attacks such as 0-day credential phishing, payroll fraud, vendor fraud, and other threats that get past legacy security controls.

Corelight

Corelight

Corelight is the most powerful network visibility solution for information security professionals.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

Onsist

Onsist

Onsist brand protection services provide proactive defense against fraudulent use of your brand online.

Mindsight

Mindsight

Mindsight is a technology consulting firm with expertise from cybersecurity to cloud, disaster recovery to infrastructure, and collaboration to contact center.

Auriga Consulting

Auriga Consulting

Auriga is a center of excellence in Cyber Security, Assurance and Monitoring Services, with a renowned track record of succeeding where others have failed.

senhasegura

senhasegura

senhasegura is a global Privileged Access Management vendor. Our mission is to eliminate privilege abuse in organizations around the globe and build digital sovereignty.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

Konsulko Group

Konsulko Group

Konsulko Group offers embedded Linux software and hardware development and Yocto Project services.

Faddom

Faddom

Faddom is an agentless tool that visualizes your on-premises and cloud infrastructure, as well as their inter-dependencies.

Kali Linux

Kali Linux

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing.