A quarter of phishing emails bypass Office 365 security
According to a new study analyzing more than 55 million emails, 25 percent of phishing emails bypass Office 365 security, using malicious links and attachments as the main vectors.
Other findings of the report from cloud-native security firm Avanan include that 33 percent of emails contain a link to a site hosted on WordPress and 98 percent of emails containing a crypto wallet address are phishing attacks.
"Cloud-based email, despite all of its benefits, has unfortunately launched a new era of phishing attacks," says Yoav Nathaniel, lead security analyst at Avanan. "The nature of the cloud provides more vectors for hackers and gives them broader access to critical data when a phishing attack is successful. Organizations are in desperate need for more information on phishing attacks and how to combat these attacks. We conducted this research to help inform organizations and shed light on how to keep sophisticated attacks out of their environment."
Phishing has become one of the major digital threats over the last decade and attacks are getting increasingly sophisticated. Among the report's other findings are that over 30 percent of phishing emails sent to organizations using Office 365 Exchange Online Protection were delivered to the inbox.
Over 50 percent of all phishing emails contain malware, credential harvesting accounts for most at 40.9 percent, while spear phishing and extortion make up the remaining 8.4 percent (0.04 percent and eight percent, respectively).
In addition one in every 25 branded emails sent to organizations were found to be phishing emails, with Microsoft being the most impersonated brand throughout the year, except for the holiday season, during which it's Amazon.
You can get a copy of the full report from the Avanan site.