Almost all of the top-tier 2020 Presidential campaigns are unprotected against email attacks, according to Agari’s Q2 2019 report published on Tuesday.
Agari analyzed the the email security controls for 12 campaigns leading in the polls and found that 10 — roughly 83% — lack additional protection beyond the basic security offered in Microsoft Office 365 or Google Suite.
This makes them vulnerable to candidate impersonation, donor fraud and other forms of attack typically perpetrated by nation-states, the company says.
“Email, by far the most common communication medium, is being weaponized by advanced sophisticated attackers who find it far too easy to send targeted messages that do real harm to people and abuse the fundamental freedoms we enjoy as U.S. citizens, like the right for our votes to decide election outcomes,” states Agari CEO Patrick Peterson.
Peterson adds that the company seeks to help the campaigns prevent attacks.
Agari also found that almost 30% of all advanced email attacks now come from the hijacked accounts of trusted individuals and brands, a 26% increase over the past 90 days.
In addition, 20% of business email compromise emails included personalization — i.e., the name of the recipient.
Agari also reports that individual display deception is the most common trick used when targeting C-suite executives.
In addition, employee-reported phishing attacks jumped 25% over the first quarter.