• by Jess Nelson , February 19, 2018

Business organizations were more heavily impacted by email fraud in 2017 than in 2016, according to a recent Proofpoint study that details the growth of email phishing attacks year-over-year. 

The enterprise security company analyzed 160 billion emails delivered to 2,400 global companies at the end of 2017 in its Email Fraud Threat Report, concluding that 88.8% of organizations were targeted by at least one email phishing attack over the past year.

This is a significant increase from results detailed in Proofpoint’s 2016 report, which cited that 75% of organizations had been impacted by email fraud.

More identities were spoofed in 2017, as well according to Proofpoint, with almost half of organizations having more than five spoofed email identities. The majority of spoofed identities -- instances when fraudsters leverage spoofed emails to impersonate individuals within an organization to trick their victims -- held job titles related to finance and/or accounting. Similar results were found in a study released by KnowBe4 that suggests people usually click on phishing attacks that concern money, whether the money is being promised or threatened.

Social media-themed email phishing attacks also saw high rates of success, according to Proofpoint, and spoofed LinkedIn notifications were the most convincing. Fake LinkedIn emails -- such as requests to add people, join networks, and reset passwords -- fooled 53% of test subjects.

Fake social network notifications are a favorite method of attack of email fraudsters, according to a January Wombat Security report. The security software company, recently acquired by Proofpoint, asserts that consumer messages were used in 45% of email phishing attacks. Corporate messages mimicking official business communication were used in 44% of attacks.

Since an all-inclusive solution to combat email fraud has yet to be released, it is imperative that email users remain alert for any malicious content in their inboxes. Be suspicious of any email with an attachment or link, as just one wrong click can create a doorway for cybercriminals to enter your digital domain.

A PDF is the most common file type used in cyberattacks, according to a Barracuda Networks, which spotted 41 million malicious PDFs sent over email over within the last three months. Other file types to watch out for include data formats such as RFTs, and Office files, like Word or Excel documents. Out of 70 million Office documents scanned in the last quarter, Barracuda Networks detected more than 4.7 million malicious files.