• by Ray Schultz , November 1, 2019

Identity deception attacks are on the rise — they accounted for 62% of all phishing campaigns from July to September of this year, according to Agari’s Q4 Email Fraud and Identity Deception Trends report.

Brand impersonation campaigns fell 6% from the prior quarter, but emails pretending to be from individuals rose to 22% of all efforts, up from 12% in the same period.

"Malicious emails impersonating well-known brands are generally associated with credentials-harvesting schemes," states Patrick R. Peterson, founder and CEO, Agari. 

Peterson adds that "those spoofing trusted individuals are typically linked to more sophisticated, social engineering-based business email compromise attacks." 

However, there was a 2% decline in attacks launched from hijacked email accounts.

This may be due to the fact that cyber criminal groups are in intelligence-gathering mode in preparation for full-blown business email compromise attacks.

The report also reveals that:

• Payroll diversions make up 25% of BEC scams, an increase of 5%
• DMARC (Domain-based Message Authentication Reporting, and Conformance) adoption is up 49% over the past yearHowever, 84% of Fortune 500 companies remain at risk of brand abuse and phishing attacks against customers
• There was a 6% rise in employee-reporting phishing attacks in the quarter, but false positives rose by 7%