Tackling the Increasing Threat of Phishing

Successful phishing attacks have increased by 34% in the last year, making it the most common email attack. Learn why phishing is so dangerous.
April 15, 2022

Phishing is the most common email attack that organizations face, accounting for nearly 77% of attacks seen by Abnormal in 2021—more than business email compromise, ransomware, and account takeover.

Phishing emails can lure victims into trusting the sender with their login credentials, other sensitive information, and even company funds. Successful phishing campaigns can also lead to business email compromise (BEC), and Deloitte reports that phishing is the number one delivery vehicle for ransomware.

Because phishing emails target human behavior, create a sense of urgency, and appear to come from trusted senders, they can be incredibly difficult to detect. Whether they impersonate a known brand, an internal system, or another trusted source, stopping them before they reach employee inboxes is the key to staying safe.

The Most Common Cybercrime by Far

The FBI Internet Crime Complaint Center (IC3) actively tracks successful phishing incidents and their financial impact. Perhaps due to its versatility as the first step in a variety of crimes, phishing far outpaces other types of attacks.

In 2021, successful phishing attacks increased by 34.2%, rising from 241,342 in 2020 to 323,972—nearly four times as many as the second most common cybercrime. In fact, phishing has been the most common type of cybercrime since 2019 and led to victim losses of more than $44 million in 2021 alone.

Unfortunately, there doesn’t seem to be a ceiling on phishing growth, as criminals find new ways to leverage email to trick victims. Phishing attacks will likely continue to grow in number because legacy solutions are increasingly ineffective against advanced socially-engineered threats. In addition, this kind of attack has a high potential to slip by humans—particularly in the middle of a busy workday. The best defense is to stop these carefully crafted attacks before they reach your employees.

The Snowball Effect of Phishing

Secure email gateways can stop simple phishing attacks that contain obviously malicious links or attachments, but more sophisticated phishing messages often sail through. And when an employee engages with a phishing email, it puts the organization at risk for credential theft.

Phishing Blog Email Example

Phishing attack that bypassed the secure email gateway (SEG)

A quick scan of the email above may not raise any immediate red flags, especially since the message appears to be coming from the employer's domain. However, if an employee clicks on the link and logs in, the site will collect their credentials, which the attackers can use to compromise the account and gain access to the employer’s VPN.

The information acquired during a credential phishing attack can be used to launch more advanced attacks from compromised email accounts. This can lead to financial losses, data breaches, and ransomware attacks—all of which can have costly long-term consequences for the business.

The ability of phishing emails to open the door to more damaging cybercrimes is one of the biggest reasons these attacks are such a threat. Even if the cybercriminal isn’t that sophisticated, having those credentials means they can do as they please within the account. This includes accessing additional (potentially more valuable) services if those same credentials are used across multiple sites.

Ending Phishing Attacks

Stopping phishing emails requires a solution that can detect and interpret thousands of signals to block the emails that appear suspicious, even when they don’t contain traditional indicators of compromise.

Abnormal uses a fundamentally different approach to email security that leverages behavioral data science to profile and baseline good behavior as well as to detect anomalies. By combining identity modeling, relationship graphing, and content analysis, we can prevent phishing emails and other attacks from ever reaching an employee’s inbox. Looking beyond email data enables us to more accurately detect advanced email attacks and protect your organization from the most dangerous threats.

To learn more about the increasing threat of phishing, download the CISO Guide to Phishing.

Tackling the Increasing Threat of Phishing

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 Knowledge Base People Base L1 R1
Discover how Abnormal uses contextual, behavioral data to uncover anomalous activity across logins and devices with PeopleBase.
Read More
ABN B 12 2 22 Expanding our partnership L1 R2
Our partnership with Microsoft has created plenty of opportunities to celebrate. Here are some of the especially exciting moments from 2022.
Read More
B 1500x1500 5 key takeaways L1 R1
Ed Amoroso discusses the biggest security risks with cloud email and how to prevent them.
Read More
B Threat Intel Phishing Attacks HR Policies
Threat actors are capitalizing on the new year, posing as human resources officials to send credential phishing attacks.
Read More
ESG Blog
ESG’s technical validation proves the risk reduction capabilities of Abnormal Cloud Email Security.
Read More
CFO Cover
Industry-leading CFO Sam Wolff discusses spending on security technology in the current macroeconomic conditions.
Read More