chat
expand_more

Tackling the Increasing Threat of Phishing

Successful phishing attacks have increased by 34% in the last year, making it the most common email attack. Learn why phishing is so dangerous.
April 15, 2022

Phishing is the most common email attack that organizations face, accounting for nearly 77% of attacks seen by Abnormal in 2021—more than business email compromise, ransomware, and account takeover.

Phishing emails can lure victims into trusting the sender with their login credentials, other sensitive information, and even company funds. Successful phishing campaigns can also lead to business email compromise (BEC), and Deloitte reports that phishing is the number one delivery vehicle for ransomware.

Because phishing emails target human behavior, create a sense of urgency, and appear to come from trusted senders, they can be incredibly difficult to detect. Whether they impersonate a known brand, an internal system, or another trusted source, stopping them before they reach employee inboxes is the key to staying safe.

The Most Common Cybercrime by Far

The FBI Internet Crime Complaint Center (IC3) actively tracks successful phishing incidents and their financial impact. Perhaps due to its versatility as the first step in a variety of crimes, phishing far outpaces other types of attacks.

In 2021, successful phishing attacks increased by 34.2%, rising from 241,342 in 2020 to 323,972—nearly four times as many as the second most common cybercrime. In fact, phishing has been the most common type of cybercrime since 2019 and led to victim losses of more than $44 million in 2021 alone.

Unfortunately, there doesn’t seem to be a ceiling on phishing growth, as criminals find new ways to leverage email to trick victims. Phishing attacks will likely continue to grow in number because legacy solutions are increasingly ineffective against advanced socially-engineered threats. In addition, this kind of attack has a high potential to slip by humans—particularly in the middle of a busy workday. The best defense is to stop these carefully crafted attacks before they reach your employees.

The Snowball Effect of Phishing

Secure email gateways can stop simple phishing attacks that contain obviously malicious links or attachments, but more sophisticated phishing messages often sail through. And when an employee engages with a phishing email, it puts the organization at risk for credential theft.

Phishing Blog Email Example

Phishing attack that bypassed the secure email gateway (SEG)

A quick scan of the email above may not raise any immediate red flags, especially since the message appears to be coming from the employer's domain. However, if an employee clicks on the link and logs in, the site will collect their credentials, which the attackers can use to compromise the account and gain access to the employer’s VPN.

The information acquired during a credential phishing attack can be used to launch more advanced attacks from compromised email accounts. This can lead to financial losses, data breaches, and ransomware attacks—all of which can have costly long-term consequences for the business.

The ability of phishing emails to open the door to more damaging cybercrimes is one of the biggest reasons these attacks are such a threat. Even if the cybercriminal isn’t that sophisticated, having those credentials means they can do as they please within the account. This includes accessing additional (potentially more valuable) services if those same credentials are used across multiple sites.

Ending Phishing Attacks

Stopping phishing emails requires a solution that can detect and interpret thousands of signals to block the emails that appear suspicious, even when they don’t contain traditional indicators of compromise.

Abnormal uses a fundamentally different approach to email security that leverages behavioral data science to profile and baseline good behavior as well as to detect anomalies. By combining identity modeling, relationship graphing, and content analysis, we can prevent phishing emails and other attacks from ever reaching an employee’s inbox. Looking beyond email data enables us to more accurately detect advanced email attacks and protect your organization from the most dangerous threats.

To learn more about the increasing threat of phishing, download the CISO Guide to Phishing.

Tackling the Increasing Threat of Phishing

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Most Interesting Attacks Q1 2024
Take a look at five of the most unique and sophisticated email attacks recently detected and stopped by Abnormal.
Read More
B MKT499 Images for Customer Blog Series
Discover key industry trends and insights from cybersecurity leader Michael Marassa, CTO of New Trier Township High School District 203.
Read More
B Construction Professional Services QR Code Attacks
Abnormal data shows construction firms and professional service providers are up to 19.2 times and 18.5 times, respectively, more likely to receive QR code attacks than organizations in other industries.
Read More
B 1500x1500 Evolving Abnormal R2
From the beginning, we created Abnormal Security to be a generational company that protects people from cybercrime. Here’s how we’re doing it.
Read More
Blog Cover 1500x1500 Images for SOC Time Blog
Discover the critical tasks that occupy SOC analysts’ schedules beyond mere inbox management, and discover insights into optimizing efficiency in cybersecurity operations.
Read More
B 1500x1500 MKT494 Top Women in Cybersecurity
In honor of Women's History Month, we're spotlighting 10 women leaders who are making invaluable contributions to cybersecurity.
Read More