Armorblox releases today its 2022 Email Security Threat Report, which highlights the use of language-based attacks that bypass email security controls. The report uncovers how the increase in remote work has made critical business workflows more vulnerable to new forms of email-based attacks, often resulting in financial fraud or credential theft.
The Armorblox report is based on data gathered across more than 58,000 customer tenants, end-user feedback and threat research. It documents the rise in targeted attacks and the increased sophistication, accuracy, and financial impact of email-based attacks.
Key findings in the report include:
- Language-based attacks are the new normal for business email compromise (BEC) with 74 percent of these attacks using language as the main attack vector.
- Attackers realize many critical business workflows happen over email. As a result, this is the primary attack mechanism for credential phishing. Notably, 87 percent of credential phishing attacks look like legitimate common business workflows in order to trick end users into engaging with the email.
- Security teams spend a massive amount of time configuring rules and exceptions in their email security solutions to block impersonation emails – both for executives and other employees. Despite all that manual work and rule writing, 70 percent of impersonation emails evade email security controls.
- The rise of SaaS solutions driving business workflows has created a big surge in brand impersonation of companies in this space. Dropbox, Microsoft and DocuSign are among the most impersonated brands in 2021.
Attackers are moving away from old approaches that use malicious links or attachments in broad-based attack campaigns, to targeted attacks where the language in the email is used to compromise a user’s trust. The Armorblox 2022 Email Security Threat Report presents the associated trends for targeted email attacks across the four most prevalent threat types – BEC, financial fraud, phishing attacks, and impersonation attacks.
To learn more, download a copy of the 2022 Email Security Threat Report here.
