Identity deception attacks are on the rise — they accounted for 62% of all phishing campaigns from July to September of this year, according to Agari’s Q4 Email Fraud and Identity
Deception Trends report.
Brand impersonation campaigns fell 6% from the prior quarter, but emails pretending to be from individuals rose to 22% of all efforts, up from 12% in the same
period.
"Malicious emails impersonating well-known brands are generally associated with credentials-harvesting schemes," states Patrick R. Peterson, founder and CEO, Agari.
Peterson adds that "those spoofing trusted individuals are typically linked to more sophisticated, social engineering-based business email compromise attacks."
However, there was a 2%
decline in attacks launched from hijacked email accounts.
This may be due to the fact that cyber criminal groups are in intelligence-gathering mode in preparation for full-blown business email
compromise attacks.
The report also reveals that:
- Payroll diversions make up 25% of BEC scams, an increase of 5%
- DMARC (Domain-based Message Authentication Reporting,
and Conformance) adoption is up 49% over the past yearHowever, 84% of Fortune 500 companies remain at risk of brand abuse and phishing attacks against customers
- There was a 6% rise in
employee-reporting phishing attacks in the quarter, but false positives rose by 7%