Press Releases


New Research Shows Rise in Credential Phishing Attacks with 265 Brands Impersonated in First Half of 2022

Abnormal is recognized for its cloud-native email security platform that uses behavioral AI to analyze identity, content and context and leverages 45,000+ signals from cloud email platforms to stop all types of email attacks including business email compromise, supply chain fraud, ransomware, phishing, spam and graymail.

Share via:

SAN FRANCISCO, August 10, 2022 - Abnormal Security, the leading AI-based cloud-native email security platform, today released its H2 2022 Email Threat Report. The report explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise and the rise of brand impersonation in credential phishing attacks.

The latest Abnormal research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails, relying on the brands' familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.

“The vast majority of cybercrime today is successful because it exploits the people behind the keyboard,” said Crane Hassold, director of threat intelligence at Abnormal Security. “By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”

LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cybercriminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.

Additional findings from the report include:

  • Over a third of credential phishing attacks involving brand impersonation targeted educational institutions and religious organizations.

  • There was a 150% year-over-year increase in BEC attacks, showcasing the increased threat of these most financially-damaging attacks.

  • BEC attacks target every industry, but advertising and marketing agencies remain the most at risk with an 83% chance of receiving a BEC attack each week.

  • Financial supply chain compromise is continuing at a steady pace and targeting nearly every size organization, with 89% of large enterprises receiving at least one vendor attack each week.

“We know that email attacks target organizations of all sizes across all industries, but this data continues to reiterate that point. Brand impersonation is particularly worrisome for cybersecurity leaders, since the most sophisticated attacks are incredibly difficult to differentiate from a legitimate email from that brand,” stated Mike Britton, chief information security officer at Abnormal Security. “As we see this trend continue to increase across the threat landscape, organizations should look to add security solutions that can detect these attacks, even when they come from legitimate domains and use never-before-seen links.”

Launch of Abnormal Intelligence

In support of its mission to protect organizations from cybercrime, Abnormal Security today also launched Abnormal Intelligence, a research and data hub focused on providing insight into emerging attacks across the threat landscape. This platform is designed to help organizations stay aware of new trends and attacks, featuring some of the most unique attacks targeting Abnormal customers. In addition to the daily feed of real-world attacks, the site contains threat intelligence content in the form of blog posts, downloadable resources, and webinars.

To learn more about Abnormal Intelligence, view the attack insights and download the full report, please visit

For more information on Abnormal Security, please visit

About Abnormal Security

Abnormal Security provides a leading cloud-native email security platform that leverages AI-based behavioral data science to stop socially-engineered and never-seen-before email attacks that evade traditional secure email gateways (SEGs). Abnormal delivers a fundamentally different approach that precisely detects and protects against the widest range of attacks including business email compromise, phishing, malware, ransomware, social engineering, spam and graymail, supply chain compromise, and internal account compromise. The Abnormal platform delivers inbound email security, internal and external account takeover protection, and full SOC automation. Abnormal’s API-based approach enables customers to get started in minutes and can augment a SEG or be used standalone to enhance native cloud email security protection with Microsoft 365 and Google Workspace. Abnormal Security is based in San Francisco, CA. More information is available at

Media Contact:

MikeWorldWide (MWW) for Abnormal Security
Diana Kozak

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo