Threatlist: Email Attacks Surge, Targeting Execs

Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter.

There was a 36 percent increase in email attacks against businesses between the first and second quarters of 2018, with retail, healthcare and government experiencing the most business email compromise (BEC) attempts, according to a new report. Several trends emerged in the analysis period, including management landing more in cybercrime’s cross-hairs, and big spikes in email fraud.

Executives Over-Index in Attacks

While non-management and low-level management employees are most often targeted inside organizations, executives are over-represented when it comes to relative targeting.

Regular employees accounted for 60 percent of highly targeted malware and credential phishing attacks, according to the “Protecting People” report from Proofpoint (analyzing customer attack data gathered April through June 2018). Executives only received 23.5 percent and 5.2 percent of targeted attacks, respectively.

Email attacks surged in some categories.

However, this is still “a disproportionately large share of attacks” for upper management, given how few executives there are compared with the total workforce.

“With information about employees widely and freely available, they can find multiple ways inside your environment,” according to the report.

Email Fraud Spikes

Overall, the number of email fraud attacks per targeted company rose 25 percent from the previous quarter (to 35 on average) and 85 percent from the year-ago quarter. Most companies were targeted at least once.

“By its nature, email fraud targets specific companies and recipients,” the report noted. “It works by impersonating someone the recipient knows and trusts. The attacker may request a wire transfer or sensitive information. In either case, the order looks like an everyday business request.”

Some industries saw triple-digit increases from a year ago: The average number of email fraud attacks against automotive companies soared more than 400 percent. Education-related attacks jumped 250 percent.

Further, more than 65 percent of companies targeted by email fraud had the identities of more than five employees spoofed. That’s more than triple the proportion in the year-ago quarter, suggesting that fraudsters are getting more creative and finding new ways to target victims.

Other Trends

Other notable data points include the fact that ransomware rebounded during the study period, accounting for nearly 11 percent of the total malicious email volume after falling sharply in previous quarters from its top 2017 perch.

Ransomware rebounded in the summer.

And finally, domain fraud, where attackers use “lookalike domains” to establish trust and carry out email fraud, credential phishing, counterfeiting and more, disproportionately affects U.S. consumers, the report found. Nearly two-thirds of targeted companies saw some level of abuse of their domains, including fraudsters sending attacks that spoofed the recipient’s own employer.

Also, nearly a quarter (23 percent) of suspicious domains that imitate top U.S. brands have active MX records, meaning they can send fraudulent emails to unsuspecting customers and employees.

Discussion

  • Kunchen on

    Aside from reconnaissance or obtaining publicly available information, is there any information available on how much management-level information is acquired from internal threats?
  • Greg on

    Without headlining your percentages and numbers all over this page like spilled white-out, maybe try a different approach. There is no flow here. Your headline "Threatlist: Email Attacks Surge, Targeting Execs" had one sentence, the rest of the email of 434 words was on email fraud attacks in general. No examples of Execs being targeted within a company.
    • Tara Seals on

      Thanks for the feedback -- I added headers to help the story flow a bit better. :-)
