Floor purple 1 FINAL

New Research Shows Phone Fraud Targets 89% of Companies

March 22, 2022

Modern threats continue to increase in volume and severity, as cybercriminals turn from low-value attacks to more sophisticated, high-value strategies that rely on social engineering to trick recipients into sending money or leaking sensitive information. And because these threats contain few indicators of compromise, they evade secure email gateways and other traditional systems, landing in employee inboxes where they can cause significant damage.

Today, Abnormal released our H1 2022 Email Threat Report, focused on data from July to December 2021. Over the course of those six months, we tracked a relatively new form of cyber attack—phone fraud that starts via email.

New Malware Tactic Involves Phone Fraud

Starting in the spring of 2021, Abnormal noticed an increase in scams that encouraged recipients to do something fairly unexpected—pick up their phone and call the scammers. These emails use a variety of scare tactics, often involving a pending charge, to prompt their targets to call the phone number provided within the email.

Example of a fraud email prompting victims to call a phone number

Once they do so, they are directed to a website to download some type of file that then installs a form of malware, typically BazarLoader, on their computer. This initial installation allows attackers to then install additional malware that can be used for ransomware attacks.

An Emerging (and Growing) Trend

Vishing, or voice phishing, has become an increasingly popular tactic in recent years, but these phone fraud attacks are different in that they start with a phishing email. They then direct users to call them, versus directly calling the target as part of the vishing scam. These phone

fraud attacks are likely geared toward consumers, but it is clear that threat actors were willing to scam organizations as well—and may even prefer them. In cases uncovered by Abnormal, impersonated brands included PayPal, Microsoft, Amazon, Norton AntiVirus, and Best Buy, all of which could be used for both personal and business transactions.

These phone scams were first detected in the first part of the year, but started increasing in the third quarter and picked up significantly in December—right before the holidays, perhaps when the scammers knew that people would be more concerned about money being unexpectedly deducted from their bank accounts.

Probability of receiving a phone fraud attack by week

The likelihood of receiving these attacks increased dramatically throughout the last half of the year, with 31.4% of organizations receiving at least one attack in the third quarter, and over half in the fourth quarter. But that number jumped even more in December, with organizations reaching a 59.2% likelihood of attack in the last month of the year. The highest week ​​saw a 89% chance of attack, before dropping back to average levels closer to the holidays.

Largest Organizations at Largest Risk for Phone Fraud

Perhaps unsurprisingly, those organizations with the most employees had the largest probability of receiving an attack. Small businesses under 500 employees were fortunate to experience only an average 12% probability of attack throughout the half, but large organizations comprised of more than 50,000 employees received an attack nearly three weeks out of each month.

Phone fraud probability by organization size

While business email compromise attacks mainly target executives or those in the finance department, these phone fraud attacks could be relevant to almost anyone. As such, it makes sense that the chance of receiving an attack simply grows alongside the number of people within the organization.

No matter the size, one thing is for sure—threat actors saw success with phone fraud attacks in 2021 and doubled down on this attack type in the last quarter of the year. It remains to be seen if this trend will continue into 2022, particularly as end users become more aware of the tactic.

To learn more about how phone fraud is impacting your industry, as well as additional data on supply chain compromise and business email compromise, download the email threat report.


Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 05 11 22 Scaling Out Redis
As we’ve scaled our customer base, the size of our datasets has also grown. With our rapid expansion, we were on track to hit the data storage limit of our Redis server in two months, so we needed to figure out a way to scale beyond this—and fast!
Read More
B 05 17 22 Impersonation Attack
See how threat actors used a single mailbox compromise and spoofed domains to subtly impersonate individuals and businesses to coerce victims to pay fraudulent vendor invoices.
Read More
B 05 14 22 Best Workplace
We are over the moon to announce Abnormal has been named one of Inc. Magazine's Best Workplaces of 2022! Learn more about our commitment to our workforce.
Read More
B 05 13 22 Spring Product Release
This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.
Read More
B 05 11 22 Champion Finalist
Abnormal has been selected as a Security Customer Champion finalist in the Microsoft Security Excellence Awards! Here’s a look at why.
Read More
Blog series c cover
When we raised our Series B funding 18 months ago, I promised our customers greater value, more capabilities, and better customer support. We’ve delivered on each of those promises and as we receive an even larger investment, I’m excited about how we can continue to further deliver on each of them.
Read More
B 05 09 22 Partner Community
It’s an honor to be named one of CRN’s 2022 Women of the Channel. Here’s why I appreciate the award and what I love about being a Channel Account Manager at Abnormal.
Read More
B 05 05 22 Fast Facts
Watch this short video to learn current trends and key issues in cloud email security, including how to protect your organization against modern threats.
Read More
B 05 03 22
Like all threats in the cyber threat landscape, ransomware will continue to evolve over time. This post builds on our prior research and looks at the changes we observed in the ransomware threat landscape in the first quarter of 2022.
Read More
B 04 28 22 8 Key Differences
At Abnormal, we pride ourselves on our excellent machine learning engineering team. Here are some patterns we use to distinguish between effective and ineffective ML engineers.
Read More
B 04 26 22 Webinar Re Replacing Your SEG
Learn how Microsoft 365 and Abnormal work together to provide comprehensive defense-in-depth protection in part two of our webinar recap.
Read More
Blog mitigate threats cover
Learn about the most common socially-engineered attacks and why these tactics are still so successful—despite a growing awareness from employees.
Read More