July 18, 2018
Attackers Don’t Discriminate Based on Business Size or Industry
- Proofpoint researchers saw “almost no connection between company size and how often it is targeted by email fraud.”
- Though organizations in the financial services, manufacturing, healthcare, and energy/utility sectors face a slightly higher frequency of attacks, researchers “saw a mostly uniform spread of email fraud attempts across industries.”
Subject Lines and Tactics Are Becoming More Varied
- “Payment,” “request,” and “urgent” remain the most popular keywords in the subject lines of fraudulent emails, but Proofpoint saw a 1,850% increase from 2016 to 2017 in BEC attacks that took a “legal” angle.
- More than 11% of email fraud attacks in Q4 2017 used some form of email history fabrication (i.e., they included a “Re:” or “Fwd:” in the subject line, a fabricated reply history, or both).
Spoofed Domains and Display Names Were Leading Attack Techniques
- 93% of organizations were targeted by at least one domain-spoofing attack in 2017.
- 40% of BEC attacks in Q4 2017 featured display-name spoofing via web-based email services, with aol.com and gmail.com being the most commonly utilized sending domains.
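The indicators summarized above (subject keywords, fabricated reply history, display-name spoofing from webmail domains) can be checked on inbound mail. The following is an added example, not code from the report or from Proofpoint; the `PROTECTED` directory, the sample messages, and the threading-header heuristic are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Keywords and webmail domains named in the report summary above.
SUBJECT_KEYWORDS = ("payment", "request", "urgent", "legal")
WEBMAIL_DOMAINS = {"aol.com", "gmail.com"}
# Hypothetical directory: protected display name -> legitimate address.
PROTECTED = {"jane doe": "jane.doe@example.com"}

def bec_indicators(raw):
    """Return the BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    hits = ["keyword:" + kw for kw in SUBJECT_KEYWORDS if kw in subject]

    # Heuristic (assumption): a real reply normally carries In-Reply-To or
    # References. Some clients omit them on forwards, so treat this as a
    # signal to score, not a verdict. "fw:" is a common forward prefix.
    threaded = msg.get("In-Reply-To") or msg.get("References")
    if subject.startswith(("re:", "fwd:", "fw:")) and not threaded:
        hits.append("fabricated-history")

    # Display name of a protected person on an address that is not theirs.
    expected = PROTECTED.get(" ".join(name.lower().split()))
    if expected and addr.lower() != expected:
        hits.append("display-name-spoof")
        if domain in WEBMAIL_DOMAINS:
            hits.append("webmail-sender")
    return hits

# Constructed sample messages (not real traffic).
SPOOFED = (
    "From: Jane Doe <jd.office2017@gmail.com>\n"
    "To: ap@example.com\n"
    "Subject: Re: Urgent payment request\n\n"
    "Please process today.\n"
)
GENUINE = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "In-Reply-To: <a1@example.com>\n"
    "References: <a1@example.com>\n"
    "Subject: Re: Q3 invoice schedule\n\n"
    "Thanks.\n"
)

if __name__ == "__main__":
    print(bec_indicators(SPOOFED))
    print(bec_indicators(GENUINE))
```

Each indicator alone produces false positives, so the returned list is best fed into a score or a review queue rather than used to block mail outright.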
Additional Insights Are Available in the Report
For more details about the report’s findings — including statistics related to wire-transfer fraud, tax-related scams, and lookalike-domain spoofing — download a copy of the Email Fraud Threat Report from the Proofpoint website.