chat
expand_more

Tackling the Increasing Threat of Phishing

Successful phishing attacks have increased by 34% in the last year, making it the most common email attack. Learn why phishing is so dangerous.
April 15, 2022

Phishing is the most common email attack that organizations face, accounting for nearly 77% of attacks seen by Abnormal in 2021—more than business email compromise, ransomware, and account takeover.

Phishing emails can lure victims into trusting the sender with their login credentials, other sensitive information, and even company funds. Successful phishing campaigns can also lead to business email compromise (BEC), and Deloitte reports that phishing is the number one delivery vehicle for ransomware.

Because phishing emails target human behavior, create a sense of urgency, and appear to come from trusted senders, they can be incredibly difficult to detect. Whether they impersonate a known brand, an internal system, or another trusted source, stopping them before they reach employee inboxes is the key to staying safe.

The Most Common Cybercrime by Far

The FBI Internet Crime Complaint Center (IC3) actively tracks successful phishing incidents and their financial impact. Perhaps due to its versatility as the first step in a variety of crimes, phishing far outpaces other types of attacks.

In 2021, successful phishing attacks increased by 34.2%, rising from 241,342 in 2020 to 323,972—nearly four times as many as the second most common cybercrime. In fact, phishing has been the most common type of cybercrime since 2019 and led to victim losses of more than $44 million in 2021 alone.

Unfortunately, there doesn’t seem to be a ceiling on phishing growth, as criminals find new ways to leverage email to trick victims. Phishing attacks will likely continue to grow in number because legacy solutions are increasingly ineffective against advanced socially-engineered threats. In addition, this kind of attack has a high potential to slip by humans—particularly in the middle of a busy workday. The best defense is to stop these carefully crafted attacks before they reach your employees.

The Snowball Effect of Phishing

Secure email gateways can stop simple phishing attacks that contain obviously malicious links or attachments, but more sophisticated phishing messages often sail through. And when an employee engages with a phishing email, it puts the organization at risk for credential theft.

Phishing Blog Email Example

Phishing attack that bypassed the secure email gateway (SEG)

A quick scan of the email above may not raise any immediate red flags, especially since the message appears to be coming from the employer's domain. However, if an employee clicks on the link and logs in, the site will collect their credentials, which the attackers can use to compromise the account and gain access to the employer’s VPN.

The information acquired during a credential phishing attack can be used to launch more advanced attacks from compromised email accounts. This can lead to financial losses, data breaches, and ransomware attacks—all of which can have costly long-term consequences for the business.

The ability of phishing emails to open the door to more damaging cybercrimes is one of the biggest reasons these attacks are such a threat. Even if the cybercriminal isn’t that sophisticated, having those credentials means they can do as they please within the account. This includes accessing additional (potentially more valuable) services if those same credentials are used across multiple sites.

Ending Phishing Attacks

Stopping phishing emails requires a solution that can detect and interpret thousands of signals to block the emails that appear suspicious, even when they don’t contain traditional indicators of compromise.

Abnormal uses a fundamentally different approach to email security that leverages behavioral data science to profile and baseline good behavior as well as to detect anomalies. By combining identity modeling, relationship graphing, and content analysis, we can prevent phishing emails and other attacks from ever reaching an employee’s inbox. Looking beyond email data enables us to more accurately detect advanced email attacks and protect your organization from the most dangerous threats.

To learn more about the increasing threat of phishing, download the CISO Guide to Phishing.

Tackling the Increasing Threat of Phishing

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More
B 1 30 23 Microsoft ATO
A recent nation-state actor attack by the Russian-backed threat group Midnight Blizzard infiltrated Microsoft. Discover how Abnormal can protect you from account takeovers in real time.
Read More