Subscribe to receive twice-monthly updates of the latest attacks we've detected in the wild:

What is Spear Phishing?

Phishing is the most common form of cyberattack in the world. Approximately 74% of organizations within the United States will experience a successful phishing attack at some point. Spear phishing, on the

Read more

Inside the Business Email Compromise Problem

Business email compromise (BEC) is the most significant cybersecurity threat to enterpriseorganizations, with $1.8 billion in reported losses in 2020 alone. This type of email attack occurs when a cybercriminal uses social

Read more

Russian-Based Ransomware Attack Using Malware Targeting U.S. Industries Underway

This week, Abnormal Security researchers have been tracking recent well-disguised attacks from a Russian criminal enterprise who are using the Emotet trojan to drop Ryuk ransomware and BazarLoader for financial gain. The

Read more

Business Email Compromise Attacks Increasingly Widespread in August

The fraction of companies receiving BEC (Business Email Compromise) attacks each week increased steadily throughout August, from slightly less than 70% at the beginning of the month to over 99% by August

Read more

Credential Phishing Attack Volume is Comparable to Spam

This is our second installment of a monthly series to surface trends in email attacks. Our installment this month discusses trends we observed in July.

Read more

How Attackers Bypass MFA and Conditional Access to Compromise Email Accounts

Abnormal Security has detected an increase in BEC attacks that successfully compromise email accounts despite multi-factor authentication (MFA) and Conditional Access. While MFA and modern authentication protocols are an important advancement in

Read more

Payment Inquiries: The Precursors to Invoice and Payment Fraud

Abnormal has detected campaigns targeting our customers where malicious actors will impersonate major brands and reach out to accounting teams to ask if there are any outstanding invoices for the company they

Read more

Challenging Verizon’s CIS Control Recommendations for Socially-Engineered Business Email Compromise Attacks

While Verizon’s annual Data Breach Incident Report (DBIR) has always offered recommendations on defense and controls through its findings, this year the report shares formal, standardized security control recommendations to readers. In

Read more

Invoice & Payment Fraud BEC Attacks Are On The Rise

This is our first installment of a monthly series we’re launching to surface trends in email attacks. Our installment this month discusses trends we observed in May.

Read more

Protect Against the Unique Sophistication of Financially Motivated Social Engineering (FMSE) Attacks

Business email compromise (BEC) is a billion-dollar business for threat actors. According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams have led to $26 billion in losses in the last

Read more

The State of Business Email Compromise Q1 2020: Attacks Shift From the C-Suite to Finance

Every day, we track and prevent email security threats for our users, which gives us enormous insight into where and how attackers attempt to infiltrate a business through email.

Read more

Business Email Compromise Attack Protection

What is Business Email Compromise (BEC)? Business email compromise (BEC) is a significant security threat to enterprise organizations. This form of email attack uses impersonations to steal money from unsuspecting employees and

Read more