Email fraud continues to make headlines within the cybersecurity space and continuously reaches unprecedented levels of impact on organizations of all sizes and in all locations. In fact, the FBI recently released a new report indicating that business email compromise (BEC) and email account compromise (EAC) scams – common forms of email fraud - have cost organizations more than $12.5 billion in losses.
To better understand email fraud and the trends surrounding this threat, Proofpoint regularly analyzes attacks we block that target thousands of organizations worldwide. Here are some of our findings for Q2 2018.
The number of email fraud attacks grew 36% quarter-over-quarter
While email fraud is still a highly targeted style of attack, we see the number of these scams and the frequency with which a given organization is targeted continue to rise. In Q1 2018, there was a 103% year-over-year increase in the number of attacks identified and blocked. The threat is not slowing down as made clear with the 36% quarter-over-quarter increase in Q2.
Companies of all size and in all industries are impacted by email fraud
Consistent with all previous quarterly research, there is no statistical correlation between the size of an organization and the frequency with which they are targeted. Companies across all industry verticals are targeted by BEC attacks and in Q2, almost all verticals saw an increase in the average number of attacks. Real estate has emerged over the last few quarters as the industry vertical most frequently targeted (the average company received 68 BEC emails in Q1 2018 and 67 in Q2). This is consistent with the FBI’s latest report mentioned above. Both the retail and public-sector verticals were targeted twice as much as they were in Q1, and manufacturing and healthcare also remain notably highly targeted verticals.
These are highly targeted attacks, but criminals are becoming increasingly more sophisticated
In 2017, organizations were targeted on average by 18.5 attacks per quarter. We saw a dramatic rise in the first quarter of 2018, with that average number being about 28. In Q2, there was another significant increase as organizations were targeted by an average of 35 email fraud attacks – a quarter-over-quarter rise of 25%.
78% of organizations were targeted by more than 10 email fraud attacks, with 17% of organizations targeted by more than 50. Attackers are becoming increasingly sophisticated as they impersonate more people (from an average of 13 in Q1 to 16 in Q2) and target more employees (from an average of 16 in Q1 to 27 in Q2) – both deeper within organizations and across more departments.
The email fraud threat landscape includes various fraud tactics
Attackers leverage multiple identity deception and email spoofing tactics to trick unsuspecting victims and avoid being blocked including display name spoofing, domain spoofing, and look-alike domains.
Display name spoofing is the most common tactic and is often used with other tactics. In Q2, 90.27% of the email fraud attacks that Proofpoint analyzed and blocked employed this tactic. This stands to reason as the display name is both the most visible identifier and the easiest to spoof.
Domain spoofing attacks accounted for nearly 18% of the total BEC messages in Q2, but 63% of organizations targeted by BEC were targeted by at least one domain spoofing attack. The total number of domain spoofing attacks also increased 23.5% year-over-year in Q2 2018. These threats use an organization’s trusted domains to send malicious emails to an organization’s employees, customers, or business partners.
Recommendations for stopping email fraud
Email fraud is a 360-degree problem as criminals can leverage multiple identity deception tactics to target multiple stakeholders related to an organization, including their employees, customers, and business partners. Companies need insight into the various threats that span across all targets and solutions that will block every one of these fraud tactics.
Proofpoint recently released EFD360, which provides the visibility and controls you need to solve the entire email fraud problem–all from a single, integrated solution. To learn more about the latest email threats facing your organization, read Proofpoint’s full Q2 2018 threat report here.