New Threat Research Report: High-Profile Socially-Engineered Email Attacks Drive Record-High Employee Engagement & Fraud - Abnormal Security

On March 17, the FBI released its seminal annual Internet Crime Report. Once again, socially-engineered attacks (including business email compromise, spoofing and phishing) were by far the number one cybercrime by financial loss, accounting for $2.1 billion of the $4.2 billion in losses to U.S. businesses and consumers. These attacks use impersonation to get companies to transfer money to fraudulent accounts, and pose significantly more financial danger to an organization than well-known tactics such as malware and ransomware.

As the FBI noted in its report, “fraudsters have become more sophisticated by evolving their techniques to use social engineering to compromise vendor email accounts and use stolen identities to establish bank accounts to receive stolen funds through invoice fraud.”

Attackers haven’t let up in 2021. As we outline in our new Threat Research Report “High-Profile Socially-Engineered Email Attacks Drive Record-High Employee Engagement & Fraud”, we found that attacks across a variety of categories grew at significant rates. Quite simply, attackers are more successful by using socially-engineered attacks to bypass existing protections such as secure email gateways. 

Key Research Takeaways:

  • The rate of employee engagement increased by 50% for socially-engineered attacks that bypass secure email gateways or other existing protections.
  • Employees are four times more likely to engage with attackers through lateral phishing attacks from compromised internal accounts than through credential phishing from external accounts.
  • There was a 250% increase in the presence of malicious mail filters from Q4 2020 to Q1 2021.
  • The percentage of companies across industries hit with vendor email compromise (VEC) attacks increased 119% between July 2020 and April 2021.

It’s clear traditional secure email gateway defenses were not designed to stop socially-engineered attacks. In order to stem the tide, organizations need to consider a new approach. Without one, high-profile attacks such as SolarWinds and USAID, which we can surmise started with socially-engineered campaigns, will continue to cause severe financial and reputational loss. 

How Abnormal Stops Socially-Engineered Attacks

Abnormal Security delivers a fundamentally different approach that protects enterprises from socially-engineered email attacks from internal and external account compromises — including targeted phishing, BEC, and invoice fraud — that were previously undetectable by traditional email security solutions.

The new API-driven approach pioneered by Abnormal Security uniquely leverages behavioral data science to profile and baseline good behavior to detect account compromises and phishing attacks. We deliver this approach through a cloud-native email security platform that can be deployed instantly into Microsoft Office 365 via a 1-click API integration, and can be used to extend your existing secure email gateways.

Abnormal Security requires no configuration and delivers results immediately after integration. The system learns and self-configures for each deployment and continually self-tunes, minimizing any ongoing maintenance. Our behavioral data science approach works in conjunction with traditional threat intelligence email security solutions to provide an extra layer of defense against never-seen-before socially-engineered advanced attacks.

Download a copy of Abnormal Security’s Q1 2021 Quarterly Threat Report: “High-Profile Socially-Engineered Email Attacks Drive Record-High Employee Engagement & Fraud”.
