Email phishing attacks continue to be the most prevalent way cyber criminals are stealing credentials, launching malware, and breaching computer networks. Email is almost always the point of entry. The FBI calls these attempts Business Email Compromise (BEC) and they account for more than a billion dollars in losses for U.S. businesses each year.
Many of the email phishing attempts make it through Microsoft Office 365’s ATP (Advanced Threat Protection) and email security filters in Exchange and G-Suite. That’s why so many organizations have turned to INKY as a way to detect and block phishing attacks.
Of all the phishing attempts that were processed through INKY’s email security platform in 2018, there were zero successful attacks. We recently published a report titled Welcome to 2019: Phishing Gets Personal Email Security Report. In the report, our researchers analyzed the most serious attacks they faced. Here is what they found:
Cyber criminals have evolved their tactics. Phishing emails are becoming increasingly targeted and personalized, which makes them much more difficult to detect by the human eye.
Corporate VIP Impersonation
VIP impersonations made up 12% of phishing attacks. These insidious attacks don’t happen by accident. Hackers use social engineering tactics and do their research to uncover names, titles, and relationships within organizations. In a typical scenario, a finance officer might get an email from someone impersonating a CEO. The email will express a sense of urgency and ask the recipient to take an action, such as paying an invoice by wire transfer. Requests may appear to come from a mobile device and indicate that the sender is unavailable by phone.
With the increase of remote workers and dispersal of staff, more communication happens electronically. This makes requests seem normal, especially when cyber criminals exude a sense of familiarity and include personal details to help sell the scam.
Sender Forgery
11% of the phishing attacks INKY stopped were classified as sender forgeries. Sender forgery is a classic phishing attack that makes an email appear as if it’s coming from a known contact.
Corporate email addresses are easy to find and spoof. Hackers may establish a Gmail or Yahoo email address using a variation on a contact’s name. Emails that get through security filters and come from a familiar name continue to be successful. Victims are more likely to open an email attachment or click on a link if they believe it came from a colleague or friend.
Phishing emails might also impersonate well-known companies and include logos and official-sounding language. An email that appears to be from Office 365 might suggest you need to complete two-factor authentication, for example, in order to increase security. Clicking on the link, however, might launch malicious code or send you to a fake landing page in an effort to steal your login credentials.
Corporate Email Spoofing
6% of the total phishing emails that INKY’s email security solutions caught fell into the Corporate Email Spoofing category. These emails blend elements of VIP Impersonation with Sender Forgery tactics. They target a specific organization and may play off an announcement, news story, or personal event. Public company filings, such as earnings statements and quarterly reports, include a wealth of information that cyber criminals can use as a pretext to send a phishing email.
The sender will spoof a corporate email address with a header that mirrors a company email address but really originates from outside company email servers. The hackers may try to solicit corporate intellectual property, financial data, or private information. The request may be business-focused or may use personal information to get the recipient to fund gift cards.
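Two of the header-level signals described above can be checked mechanically: a familiar name on an unfamiliar address, and a company From address on mail that did not authenticate as coming from company servers. The following is an added example, not INKY's code or method; the company domain, VIP directory, and mail server name are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration; substitute your own directory and MTA.
COMPANY_DOMAIN = "example.com"
TRUSTED_AUTHSERV = "mx.example.com"   # only trust results stamped by our own MTA
VIPS = {"dana whitfield": "dana.whitfield@example.com"}

def dmarc_result(msg):
    """Return the DMARC verdict from our MTA's Authentication-Results, or None."""
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        if parts[0].lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header; ignore foreign ones
        for part in parts[1:]:
            method, _, rest = part.partition("=")
            if method.strip().lower() == "dmarc" and rest.split():
                return rest.split()[0].lower()
    return None

def classify(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # VIP impersonation / sender forgery: a known name on an unknown address.
    real = VIPS.get(" ".join(name.lower().split()))
    if real and addr != real:
        findings.append("vip-display-name-mismatch")
    # Corporate spoofing: our domain in From, but DMARC did not pass.
    if domain == COMPANY_DOMAIN and dmarc_result(msg) != "pass":
        findings.append("internal-domain-unauthenticated")
    return findings

# Constructed sample messages.
VIP_MSG = """\
From: "Dana Whitfield" <dana.whitfield.ceo@gmail.com>
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

Sent from my mobile device, unavailable by phone.
"""
SPOOF_MSG = """\
From: "Accounts Payable" <ap@example.com>
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail

Please see the attached invoice.
"""
```

The first sample passes every authentication check because it really was sent from a freemail account, which is why the display-name comparison is needed alongside DMARC.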
A Mixed Bag
INKY’s Welcome to 2019: Phishing Gets Personal Email Security Report labels the remaining 73% of the phishing attempts analyzed “a mixed bag of awful.”
Unlike the foreign lottery or Nigerian prince emails, most email phishing attempts are personalized to a recipient’s company name or information based on exploiting data breaches. These include email phishing attempts such as:
- Fake IT / Help Desk / Mail Server alerts
- Fake voicemail or fax notifications with malicious attachments
- Fake invoice notifications with malware attached
- Ransomware blackmail scams requesting cryptocurrency in order to release data
- Fake thank-you or holiday cards with a malicious download posing as a greeting
- Fake delivery notifications from FedEx, UPS, or USPS
Cyber Criminals Are Becoming More Targeted and Strategic
The number of phishing attacks reported is unrelenting. Cyber criminals are becoming more targeted and strategic in their attacks as they evolve. The losses and damage are staggering.
It’s also unnecessary. INKY’s cloud-based email protection software blocks spam, malware, phishing attacks, and Business Email Compromise (BEC). Using domain-specific machine learning and computer vision, it identifies and blocks even zero-day exploits that get through legacy email systems, including Exchange, Office 365, and G-Suite.
INKY’s email security platform is a generation ahead of anything else on the market. Traditional email phishing solutions are simply not capable of identifying these increasingly personal attacks.