Credential phishing attacks skyrocketing, 265 brands impersonated in H1 2022

Abnormal Security released a report which explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise, and the rise of brand impersonation in credential phishing attacks.

The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.

“The vast majority of cybercrime today is successful because it exploits the people behind the keyboard,” said Crane Hassold, director of threat intelligence at Abnormal Security.

“By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”

LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cybercriminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.

Additional findings

• Over a third of credential phishing attacks involving brand impersonation targeted educational institutions and religious organizations.
• There was a 150% year-over-year increase in BEC attacks, showcasing the increased threat of these most financially-damaging attacks.
• BEC attacks target every industry, but advertising and marketing agencies remain the most at risk with an 83% chance of receiving a BEC attack each week.
• Financial supply chain compromise is continuing at a steady pace and targeting nearly every size organization, with 89% of large enterprises receiving at least one vendor attack each week.

“We know that email attacks target organizations of all sizes across all industries, but this data continues to reiterate that point. Brand impersonation is particularly worrisome for cybersecurity leaders, since the most sophisticated attacks are incredibly difficult to differentiate from a legitimate email from that brand,” stated Mike Britton, CISO at Abnormal Security.

“As we see this trend continue to increase across the threat landscape, organizations should look to add security solutions that can detect these attacks, even when they come from legitimate domains and use never-before-seen links.”