Just ten brands accounted for more than half of all spoof and impersonation-based phishing, a new report from Area 1 Security finds.
The cybersecurity company analysed over 31 million phishing threats across various organisations and industries. In its report, it found 56% of impersonation-based attacks were from just ten brands. The most common were pretending to be the World Health Organization (WHO), Google and Microsoft.
Its report, It Started Out With A Phish, claims if all the attacks had been successful, it could have resulted in more than $354m in direct losses.
The report claims that around 9% of attacks used identity deception tactics, such as spoofing, domain impersonation and display name impersonation. Other common methods included, credential harvesters (9.33%), compromised links (8.96%) and attachments (3.31%).
Some threats of spoofed emails had hidden business email compromise (BEC) attacks. A BEC is an illicit player hacks into an account and impersonates the owner. The report claims that on average, BEC requests sought $1.5 million and a median of $260K.
Area 1 Security CEO Patrick Sweeney said, “Cyber campaigns continue to be a tool for waging war against corporations, theft of intellectual property, and massive financial and data loss. Our research found that security awareness training is only beneficial from an educational perspective but not effective in stopping threats.
“Around 92% of user-reported phish are not malicious and actually benign, spam, or bulk mail, which often delays IT teams from discovering and stopping actual threats. The only solution is a pre-emptive, cloud-based, email security solution that prevents the phish from even hitting the inboxes.”
Copyright © 2021 FinTech Global
Copyright © 2018 RegTech Analyst
