Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari.
Microsoft was impersonated in 36 percent of all (brand) display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks. Amazon and Microsoft run the largest public cloud computing platforms, which are widely used by companies undergoing digital transformation projects.
Providing comment on the report and the current trends in advanced email attacks is Tim Sadler, Co-Founder and CEO at Tessian.
Tim Sadler, Co-Founder and CEO at Tessian:
“The reason Microsoft and Amazon are the most impersonated brands is because they are highly reputable organizations with millions of loyal customers. Many customers have established longstanding relationships with these companies and are accustomed to communicating with them via email, which can engender trust and complacency on the part of the customer. It is these human “flaws” that phishers seek to exploit. These factors create advantageous conditions in which attackers can pharm for user credentials indiscriminately, extensively and effectively.
The proportion of Microsoft-impersonated email attacks is notably more significant for high-value targets such as C-level executives because Microsoft software is omnipresent in the corporate world. As such, executives are likely to use and trust it.
8 per cent of email attacks targeting individuals constitutes a significant proportion of the overall figure. In these attacks, known as spear-phishing, the adversary typically hijacks a relationship between two colleagues by imitating one in order to trick the other into sharing valuable data. These emails are more targeted and, therefore, more successful than classic phishing scams. To minimize the risk of falling victim to a phishing attack everyone – consumers, employees and executives alike – must be vigilant. They should respond prudently to any request for information or payment in their inbox. It is also important that users alert the necessary authorities if they spot a phishing email in their inbox.
Nevertheless, relying on human vigilance alone won’t adequately keep your data or network secure. As people become an increasing target for sophisticated attacks, we need to protect them. The most effective way of doing this is by applying a machine intelligent solution that comprehensively and automatically prevents attacks by analysing the context and content of inbound emails. This eradicates the issue of human error and vulnerability.”