Over 90 percent of organizations hit by targeted email attacks
Over the past year, business email compromise (BEC) scams have jumped by 60 percent. In addition more than 90 percent of organizations report being hit by targeted email attacks, with 23 percent suffering financial damage as a result.
These findings come from the Q1 2019 Email Fraud and Identity Deception Trends report by secure email specialist Agari.
The report shows that 96 percent of successful data breaches now begin with an email, and 20 percent of attacks come from compromised accounts. Brand impersonation remains the most common attack vector, used in 50 percent of advanced email attacks in the fourth quarter of 2018 -- with Microsoft impersonated in 70 percent of these instances.
For executive targets though 33 percent of advanced email attacks use display name deception that impersonates an individual -- a common tactic for BEC attacks, which frequently target CFOs.
"Credential phishing was already a huge risk for organizations because of the potential for data breach, but now there is a new wave of account takeover attacks leveraging compromised accounts to commit additional fraud, which evade traditional email security controls," says Crane Hassold, Sr. director of threat research at Agari. "Business email compromise attacks are still very active, especially against C-suite targets."
There's a seasonal element to attacks too, impersonation of the US Internal Revenue Service surged in the fourth quarter as the tax season approached. The IRS was impersonated in nearly one in ten attacks, up from less than one percent in the July-to-September quarter.
On a positive note it seems more businesses are taking email threats seriously. Adoption of the DMARC email authentication standard grew steadily during the final quarter of 2018 with a 15 percent increase in total DMARC records compared to Q3.
More detail is available in the full report which you can get from the Agari website.