Wave dark green 4 FINAL

Tackling the Increasing Threat of Phishing

Successful phishing attacks have increased by 34% in the last year, making it the most common email attack. Learn why phishing is so dangerous.

April 15, 2022

Phishing is the most common email attack that organizations face, accounting for nearly 77% of attacks seen by Abnormal in 2021—more than business email compromise, ransomware, and account takeover.

Phishing emails can lure victims into trusting the sender with their login credentials, other sensitive information, and even company funds. Successful phishing campaigns can also lead to business email compromise (BEC), and Deloitte reports that phishing is the number one delivery vehicle for ransomware.

Because phishing emails target human behavior, create a sense of urgency, and appear to come from trusted senders, they can be incredibly difficult to detect. Whether they impersonate a known brand, an internal system, or another trusted source, stopping them before they reach employee inboxes is the key to staying safe.

The Most Common Cybercrime by Far

The FBI Internet Crime Complaint Center (IC3) actively tracks successful phishing incidents and their financial impact. Perhaps due to its versatility as the first step in a variety of crimes, phishing far outpaces other types of attacks.

In 2021, successful phishing attacks increased by 34.2%, rising from 241,342 in 2020 to 323,972—nearly four times as many as the second most common cybercrime. In fact, phishing has been the most common type of cybercrime since 2019 and led to victim losses of more than $44 million in 2021 alone.

Unfortunately, there doesn’t seem to be a ceiling on phishing growth, as criminals find new ways to leverage email to trick victims. Phishing attacks will likely continue to grow in number because legacy solutions are increasingly ineffective against advanced socially-engineered threats. In addition, this kind of attack has a high potential to slip by humans—particularly in the middle of a busy workday. The best defense is to stop these carefully crafted attacks before they reach your employees.

The Snowball Effect of Phishing

Secure email gateways can stop simple phishing attacks that contain obviously malicious links or attachments, but more sophisticated phishing messages often sail through. And when an employee engages with a phishing email, it puts the organization at risk for credential theft.

Phishing Blog Email Example

Phishing attack that bypassed the secure email gateway (SEG)

A quick scan of the email above may not raise any immediate red flags, especially since the message appears to be coming from the employer's domain. However, if an employee clicks on the link and logs in, the site will collect their credentials, which the attackers can use to compromise the account and gain access to the employer’s VPN.

The information acquired during a credential phishing attack can be used to launch more advanced attacks from compromised email accounts. This can lead to financial losses, data breaches, and ransomware attacks—all of which can have costly long-term consequences for the business.

The ability of phishing emails to open the door to more damaging cybercrimes is one of the biggest reasons these attacks are such a threat. Even if the cybercriminal isn’t that sophisticated, having those credentials means they can do as they please within the account. This includes accessing additional (potentially more valuable) services if those same credentials are used across multiple sites.

Ending Phishing Attacks

Stopping phishing emails requires a solution that can detect and interpret thousands of signals to block the emails that appear suspicious, even when they don’t contain traditional indicators of compromise.

Abnormal uses a fundamentally different approach to email security that leverages behavioral data science to profile and baseline good behavior as well as to detect anomalies. By combining identity modeling, relationship graphing, and content analysis, we can prevent phishing emails and other attacks from ever reaching an employee’s inbox. Looking beyond email data enables us to more accurately detect advanced email attacks and protect your organization from the most dangerous threats.

To learn more about the increasing threat of phishing, download the CISO Guide to Phishing.

Image

Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

0
Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 5 Crucial Tips
Retailers are a popular target for threat actors due to their wealth of customer data and availability of funds. Here are 5 cybersecurity tips to help retailers reduce their risk of attack.
Read More
B 3 Essential Elements
Legacy approaches to managing unwanted mail are neither practical nor scalable. Learn the 3 essential elements of modern, effective graymail management.
Read More
B Back to School
Discover how threat group Chiffon Herring leverages impersonation and spoofed email addresses to divert paychecks to mule accounts.
Read More
B 09 06 22 Rearchitecting a System Blog
We recently shared a look at how the Abnormal engineering team overhauled our Unwanted Mail service architecture to accommodate our rapid growth. Today, we’re diving into how the team migrated traffic to the new architecture—with zero downtime.
Read More
B Industry Leading CIS Os
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 12 innovative and influential thought leaders on social media.
Read More
B Podcast Engineering 11 08 24 22
In episode 11 of Abnormal Engineering Stories, David Hagar, Director of Engineering and Abnormal Head of UK Engineering, continues his conversation with Zehan Wang, co-founder of Magic Pony.
Read More
B Overhauled Architecture Blog 08 29 22
As our customer base has expanded, so has the volume of emails our system processes. Here’s how we overcame scaling challenges with one service in particular.
Read More
B Winning Back Productivity
Limiting time-wasting email messages makes employees more productive. Here’s how innovative organizations are addressing the challenge.
Read More
B Account Takeover Blog 08 22 22
Learn how threat actors execute account takeovers, how they exploit compromised accounts, and what you can do to reduce your risk.
Read More