Brand impersonation is a go-to tactic for attackers, especially for credential phishing and BEC attacks

Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud, according to an Abnormal Security report.

Q2 2020 email security

The report also reveals that Zoom supplanted American Express as the most impersonated brand in email attacks.

There have been surges in COVID-19-themed email security attacks, which continued in Q2, with weekly campaign volume increasing 389% between Q1 and Q2. There has also been a continued increase in BEC attacks targeting finance department employees over C-level executives, which grew by 50% quarter-over-quarter.

A spike in payment and invoice fraud attacks

Payment and invoice fraud attacks, largely driven by vendor fraud, grew by 112% over the last quarter, spiking at the end of June. For the first time, a surge in payment and invoice fraud related to the pandemic has been detected.

BEC-specific attacks also saw an acceleration of attack campaign volume, growing by 11% over Q2 as hackers took advantage of new work-from-home scenarios. As BEC attacks are highly targeted and sophisticated, designed to dupe key targets with the potential to lead to big payouts, this increase is substantial in nature.

The shift to remote work makes employees more susceptible to BEC attacks and gives threat actors the opportunity to apply tactics likely to be successful given these working conditions.

“The pandemic has ignited digital transformation efforts at a breakneck pace and cybercriminals are moving just as fast, taking advantage of a new work-from-home landscape amid great business uncertainty,” said Even Reiser, CEO, Abnormal Security.

“Keeping pace with change is critical, as attackers have continued to exploit enterprises’ weak links – such as vendor and partner relationships – and are pushing more sophisticated and targeted BEC attacks than we’ve seen previously.”

Q2 2020 email security

Changing trends in brand impersonation attacks

The report also uncovered changing trends in brand impersonation attacks, a form of fraud where a bad actor assumes the identity of a trusted or known entity. These attacks tend to follow the zeitgeist, which may help explain why Zoom became the most impersonated brand in Q2 due to its instant popularity and ubiquity.

Rounding out the top three were two other brands very much associated with COVID-19 shifts toward e-commerce and delivery: Amazon and DHL. For comparison, the three most impersonated brands in Q1 2020 were American Express, Amazon and iCloud.

“Our analysis of BEC and email security trends in Q3 will certainly prove to be interesting as we expect a downward trend in COVID-19-related attacks, an uptick in attacks related to the 2020 election and a continued rise in BEC, as attackers find success with socially-engineered techniques that evade traditional email security defenses,” said Reiser.

“Business leaders need to continue to focus on reviewing email security measures, most importantly examining BEC defenses, to ensure protection against attackers who are gaining steam.”

Don't miss