
Impostor Email Attacks Increased More than 60% Year-Over-Year

Impostor email attacks are a growing trend and problem. Attackers will target your employees, customers, and business partners with these advanced attacks.

It is now widely known that cybercriminals aim to exploit users within organizations rather than the technology. Their sole purpose is to steal money and information that could prove financially valuable. Impostor email attacks, also known as 'business email compromise (BEC)', usually include attacks delivered by email spoofing or phishing. Business email compromise costs businesses billions of dollars each year. The main target by industry is Financial Services.

Imposter email attacks are generally targeted at specific users within financial services organizations who can execute requests on the attacker’s behalf. To increase the believability of the scam, cybercriminals use various tactics to spoof trusted identities and even send email attacks during specific business hours.

To better understand how impostor email is impacting financial services organizations around the world, Spambrella collected data relating to email imposter attempts targeting more than 100 financial services businesses in both 2017 and 2018. Below are the findings:

Imposter Email Attacks Rise

The findings show that financial services organizations were targeted 60% more frequently in Q4 2018 than in Q4 2017, a very clear upward trend. 56% saw more than 5 employees targeted by impostor attacks in Q4 2018. Only 17% of the targeted financial services businesses we collected data from had one person targeted in the same quarter.

Imposter Email Identity Deception Tactics

Attackers will use various deception tactics to deliver imposter email payloads. Lookalike domains are most frequent, with domain spoofing and display name spoofing alongside. Domain spoofing is the most common identity deception tactic and is used to send malicious emails from an organization’s own trusted domain.

In Q4 2018, 69% of financial services firms were targeted by at least one impostor email attack impersonating their own domain. Furthermore, 97% of financial services organizations had their domain spoofed to target customers and business partners.
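The three identity deception tactics named above can be told apart from the From header alone once the gateway's verification result is known. The following is an added example, not Spambrella's code: the domain, the name list, the sample headers and the `authenticated` flag (standing in for whatever sender verification the receiving gateway performs) are all constructed assumptions.

```python
from email.utils import parseaddr

OWN_DOMAIN = "examplebank.com"      # constructed: the protected organization's domain
KNOWN_NAMES = {"jane doe"}          # constructed: display names of real staff

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, authenticated):
    """Return the deception tactic a From header suggests, or 'none'.
    `authenticated`: did the receiving gateway verify the sending domain?"""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == OWN_DOMAIN:
        # Our own domain in From, but the message failed verification.
        return "none" if authenticated else "domain spoofing"
    if 0 < edit_distance(domain, OWN_DOMAIN) <= 2:
        # A near miss of our domain; it may verify cleanly for its owner.
        return "lookalike domain"
    if name.strip().lower() in KNOWN_NAMES:
        # A trusted name paired with an unrelated address.
        return "display name spoofing"
    return "none"

SAMPLES = [  # constructed headers, paired with the gateway's verification result
    ('"Jane Doe" <jane.doe@examplebank.com>', True),
    ('"Jane Doe" <jane.doe@examplebank.com>', False),
    ('"Accounts" <ap@examp1ebank.com>', True),
    ('"Jane Doe" <jd.office@freemail.example>', True),
    ('"Newsletter" <news@vendor.example>', True),
]

def classify_samples():
    return [classify(header, ok) for header, ok in SAMPLES]

if __name__ == "__main__":
    for (header, ok), verdict in zip(SAMPLES, classify_samples()):
        print(f"{verdict:22} {header}")
```

The lookalike case is the one that sender verification alone does not catch, because the attacker controls that domain and can make mail from it verify.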

email sent from financial services

39% of email sent from financial services business domains in Q4 2018 appeared suspicious or were categorized as unverified. The percentage was even higher for email sent to the organization’s employees, at 68%. About 36% of email sent to customers from financial services-owned domains was unverified. The same was true of 19% of email sent to business partners.

The good news is that you can prevent domain spoofing attacks by fully implementing filters within services like Spambrella. With Spambrella you can ensure that all email sent from your trusted domains is verified and legitimate.

Impostor emails targeting financial services organizations

When Attackers Target Your Employees

Generally, impostor email attacks targeting financial services companies are sent on weekdays between 7am and 1pm in their target’s local time zone. This stands to reason, as impostor attacks are socially engineered to be believable. A business partner, for example, is less likely to make a payment request after work hours or during a weekend. What is interesting is that Monday is the day which attackers choose to target victims, seemingly relying on the fact that the user may be less aware or less alert than they will be later in the week.

See also:

Quarantining Imposter Emails

Business Email Attack Losses Now Top $12 Billion – FBI