A quarter of phishing emails bypass Office 365 security, relying on malicious links and attachments as their main forms of attack. And a quarter of all branded emails are phishing emails, according to Global Phish Report, a study by Avanan.
The report, which was presented on Wednesday at the SecureWorld Conference, is based on an analysis of 55.5 million emails sent to organizations using Microsoft Office 365 and Google G Suite.
This research also shows that over 30% of phishing emails sent to organizations using Office 365 Exchange Online Protection were delivered to the inbox.
Of the emails studied, 33% of those containing a link to a site hosted on WordPress were phishing attacks, as were 98% of those containing a crypto wallet address.
In addition, the study reports that over 50% of all phishing emails contain malware. In addition, 40.9% feature credential harvesting, and 8.4% feature spear phishing or involve extortion.
The damage is likely to increase as hackers exploit zero-day vulnerabilities on such platform as Office 365 and G Suite.
Microsoft is the most impersonated brand, although Amazon enjoys that distinction during the holiday season.
“Cloud-based email, despite all of its benefits, has unfortunately launched a new era of phishing attacks,” states Yoav Nathaniel, lead security analyst at Avanan.
Nathaniel adds: “The nature of the cloud provides more vectors for hackers and gives them broader access to critical data when a phishing attack is successful.”