According to a recent study conducted by web services and security vendor Cloudflare, email phishing continues to be a significant and challenging threat for organizations. The study, which analyzed 250 million malicious email messages sent between May 2022 and May 2023, revealed that deceptive links accounted for 35.6% of all detected threats.
One of the key findings of the study is that scammers have become increasingly skilled at making their phishing emails appear legitimate. They carefully mimic the graphics and formatting used by legitimate senders, making it difficult for users to differentiate between a real email and a phishing attempt. The consequences of clicking on a malicious link can range from credential harvesting to remote code execution and network compromise.
Cloudflare also highlighted that the techniques used in phishing attacks are becoming more sophisticated. Attackers now set up malicious domains well in advance of sending their phishing emails. By doing so, they evade systems that typically alert when messages come from newly created domains. Additionally, attackers are finding ways to bypass common email server security techniques, such as sender policy frameworks, DomainKeys-identified mail, and domain-based message authentication reporting and conformance.
These security measures are ineffective against spoofed domain names or look-alike emails that deceive networks into thinking that an email is secure. Moreover, none of these techniques inspect the content of the messages themselves, only checking whether the sending domain is configured correctly.
Another concerning trend identified in the study is the rise of impersonation attacks. Impersonating someone else’s identity has become one of the fastest-growing techniques in phishing, accounting for 14.2% of all detected threats, up from 3.9% in the past year. Microsoft was the most impersonated brand, appearing in 9.9% of all impersonation attacks. Other top impersonated brands included the World Health Organization, Google, SpaceX, Salesforce, Apple, Amazon, T-Mobile, and MasterCard. Notably, brand impersonation tends to concentrate around well-recognized organizations, with 60% of all incidents involving the largest brands in the world.
Furthermore, the study highlighted the danger posed by compromised emails at vendors and other large organizations. Unlike traditional phishing attacks that rely on malicious attachments or deceptive links, a bad actor can simply send a fake invoice from a legitimate source. These types of attacks, known as business email compromise attacks, represented a small percentage (0.5%) of all threats. Cloudflare attributed this to their early detection in the attack cycle.
In conclusion, email phishing remains a significant threat to organizations, with scammers using increasingly sophisticated techniques to deceive users. It is crucial for organizations to implement robust security measures and educate employees about the risks associated with phishing attacks. By staying vigilant and adopting best practices, organizations can better defend against the ever-evolving phishing threat landscape.