Connect with us

Hi, what are you looking for?

Tech & Science

Is that really from…? Email impersonation attacks are on the rise

Impersonations on the rise: 60 percent of email threats impersonated well-known brand names such as Microsoft or Google.

Image: © AFP
Image: © AFP

The volume of nefarious emails impersonating enterprises continues to rise. According to the latest research from cybersecurity software and services provider Fortra, email impersonation threats such as business email compromise attacks are making up nearly 99 percent of reported threats.

The business email compromise is often the costliest form of cyberattack. This is a type of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information.

Another trend is with credential theft attacks. In quarter1 of 2023, credential theft led all email impersonation threat types, which is bad news for business as it shows that malicious actors remain in search of sensitive information such as usernames, passwords, and credit card numbers — all of which could harm the bottom line, and brand reputation.

Other key findings reveals that 60 percent of email threats impersonated well-known brand names such as Microsoft or Google and 36 percent of email threats are posing as specific, well-respected individuals of note within a business.

With email providers, Google is the most abused email platform (accounting for 67.5 percent of recorded attacks in 2023), with Microsoft following close behind (18.3 percent of incidents). Although in terms of growth, Microsoft are catching up since Office 365 phishing attack volumes have doubled since Q4 2022.

Generative AI is trending among cybercriminals. ChatGPT, and other such language models, are giving criminals the tools to craft well-written messages at scale and avoid the poor spelling and grammar that frequently mark phishing attacks.

John Wilson, Senior Fellow, Threat Research at Fortra explains: “It isn’t hard to find someone who has fallen victim to email impersonation attacks. Social engineering combined with advancing technology such as generative AI has made attacks more advanced and harder to spot. Organizations must rethink how to defend against such threats.”

And in terms of concrete examples: “Consider if your security awareness training explores enough of current impersonation techniques, as well as how applying algorithms through machine learning can help to detect anomalies and patterns in order to accurately detect signatureless email threats at scale.”   

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Digital Journal announced as official media partner for Innovation Week in Calgary.

Tech & Science

The Nobel Prize in Physics was awarded to two scientists for discoveries that laid the groundwork for the artificial intelligence.

World

Meanwhile, just get out, now. This thing obviously means business.

World

Kamala Harris has taken a slim lead over Donald Trump in the US presidential race, a new poll showed.