Abstract Purple Corner

Research Reveals 265 Different Brands Impersonated in Phishing Attacks

This week, we released our H2 2022 Email Threat Report, which explores the latest email attack trends, including the rise of brand impersonation in phishing attacks.

August 11, 2022

Over the past three decades, malicious emails have evolved from low-value, low-impact threats like spam and simple phishing to targeted high-value, high-impact attacks like ransomware and business email compromise. Easily evading traditional security solutions like secure email gateways (SEGs) and yielding significant ROI for threat actors, these socially-engineered attacks aren’t going anywhere.

This week, Abnormal released our H2 2022 Email Threat Report, focused on data from January to June 2022. The report explores the current email threat landscape and provides insight into the latest advanced email attack trends, including the rise of brand impersonation in credential phishing attacks.

Brands Remain King of Credential Theft

As with most modern email threats, credential phishing attacks have become progressively more complex in recent years and, therefore, more convincing. With increasing frequency, cybercriminals are using impersonation to leverage the familiarity and reputation of well-known brands and fool targets into providing their login credentials. In the first half of 2022, threat actors impersonated brands in 15% of phishing emails.

H2 2022 Threat Report Blog Percentage of Brands Impersonated

To make things even easier for attackers, the number of platforms and apps we use is always growing—as is the number of accounts we create for online portals. A report from LastPass found that employees at large enterprises manage an average of 25 passwords; at smaller organizations that number jumps to 85. And, as much as employers discourage it, the report revealed that employees reuse one password an average of 13 times.

Every software and website that requires you to provide your email address for access represents a phishing opportunity for cybercriminals—and they know it. And once they have access to the account, they can use it for all types of nefarious activities, from infiltrating additional platforms to stealing money from the account to buying products using your credit card.

Social Networks and Microsoft Products Most Impersonated

Of the more than 425,000 credential phishing attacks in which a brand was impersonated in the first half of 2022, 32% involved the impersonation of a social network, with LinkedIn being the most impersonated platform.

Because LinkedIn often sends emails with updates about profile views and search results, users are accustomed to receiving occasional, unsolicited emails from the platform. This means that in addition to more standard phishing emails that claim there is a problem with the account, threat actors can also recreate these other types of LinkedIn emails and include a link to a phishing site.

H2 2022 Threat Report Blog Linked In Phishing Email

After social networks, Microsoft products were the second most impersonated, with Outlook, OneDrive, Microsoft 365, and the parent company appearing in 20% of incidents. One of the reasons organizations use Microsoft is that the company provides a large suite of solutions applicable to every business use. The downside of this is that attackers will leverage that ubiquity and authority to convince employees they’re at risk of losing access to their inbox or important files.

And perhaps most concerning about Microsoft credential theft is that compromise of these accounts allow bad actors to use that email address to send other email attacks, impersonating real employees and hijacking ongoing conversations to redirect payments or request new fund transfers.

H2 2022 Threat Report Blog Microsoft Phishing Email

Attackers Favor Impersonating Brands with Best Potential ROI

Of the 265 individual brands that attackers impersonated, nearly one in four were in the financial services industry—including banks, credit card providers, and online payment processors. Fan favorites included American Express, PayPal, and Wells Fargo.

While this is somewhat unsurprising, it is still concerning. Gaining access to an organization’s banking or payment portal allows threat actors to transfer money to their own accounts, redirect incoming payments, send fraudulent payment requests, and steal sensitive financial information to use in future attacks.

H2 2022 Threat Report Blog Brands Impersonated in Each Category

Further, victims of such attacks may not be able to easily resolve the situation, and their accounts could be closed permanently. Not only does this impact their ability to use any other platforms connected to the account, such as billing and accounting software, but the company will also have to dispute fraudulent charges with their bank and pay any additional fees that result from the attack.

One other interesting thing to note is that of the approximately 25,000 attacks in which a business management software provider was impersonated, 27.4% involved a document management solution brand like DocuSign. From the target’s point of view, receiving an email with a request to log in to view or sign a document is far from unusual. And from an attacker’s point of view, gaining entry into an organization’s digital document repository means they have access to a wealth of proprietary and sensitive information.

The Evolving Threat of Credential Phishing

Credential phishing attacks represent a huge threat to organizations as a well-crafted (or even somewhat realistic-looking) phishing email can trick an employee into providing login credentials. But what makes phishing particularly dangerous is that once a threat actor has access to an internal account, they can launch even more costly attacks. Based on the data, advanced email threats will only become more sophisticated, more pervasive, and more damaging.

For additional data on how credential phishing impacts your industry as well as insights into supply chain compromise and business email compromise, download the email threat report.


Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 09 29 22 CISO Cybersecurity Awareness Month
October is here, which means Cybersecurity Awareness Month is officially in full swing! These five tips can help security leaders take full advantage of the month.
Read More
B Email Security Challenges Blog 09 26 22
Understanding common email security challenges caused by your legacy technology will help you determine the best solution to improve your security posture.
Read More
B 5 Crucial Tips
Retailers are a popular target for threat actors due to their wealth of customer data and availability of funds. Here are 5 cybersecurity tips to help retailers reduce their risk of attack.
Read More
B 3 Essential Elements
Legacy approaches to managing unwanted mail are neither practical nor scalable. Learn the 3 essential elements of modern, effective graymail management.
Read More
B Back to School
Discover how threat group Chiffon Herring leverages impersonation and spoofed email addresses to divert paychecks to mule accounts.
Read More
B 09 06 22 Rearchitecting a System Blog
We recently shared a look at how the Abnormal engineering team overhauled our Unwanted Mail service architecture to accommodate our rapid growth. Today, we’re diving into how the team migrated traffic to the new architecture—with zero downtime.
Read More
B Industry Leading CIS Os
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 12 innovative and influential thought leaders on social media.
Read More
B Podcast Engineering 11 08 24 22
In episode 11 of Abnormal Engineering Stories, David Hagar, Director of Engineering and Abnormal Head of UK Engineering, continues his conversation with Zehan Wang, co-founder of Magic Pony.
Read More
B Overhauled Architecture Blog 08 29 22
As our customer base has expanded, so has the volume of emails our system processes. Here’s how we overcame scaling challenges with one service in particular.
Read More