Account takeover-based (ATO) attacks now comprise 20 percent of all advanced email attacks, according to new research from the email security and protection company Agari.
The firm’s recently published Q1 2018 Email Fraud & Identity Deception Trends report found that ATO attacks are rising in popularity among cybercriminals because they are more difficult to detect than traditional attacks and can bypass email filters since they are sent from a real sender’s email account.
Crane Hassold, Senior Director of Threat Research at Agari, provided further insight on the threat posed by ATO attacks, saying:
“Credential phishing was already a huge risk for organizations because of the potential for data breach, but now there is a new wave of account takeover attacks leveraging compromised accounts to commit additional fraud, which evade traditional email security controls. Business email compromise attacks are still very active, especially against C-suite targets.”
Advanced email attacks
According to Agari’s Cyber Intelligence Division, brand impersonation remains the most common attack vector. The technique was used in 50 percent of advanced email attacks during Q4 2018, with cybercriminals impersonating Microsoft in 70 percent of these instances. Microsoft is often a target for credential phishing since attackers can use Office 365 accounts in subsequent ATO attacks.
However, a different pattern was identified in attacks against executive targets, with 33 percent of advanced email attacks against C-level employees using display name deception to impersonate an individual. This tactic is also commonly used for business email compromise (BEC) attacks that frequently target an organisation’s CFO.
With the approach of tax season in the US, impersonation of the US Internal Revenue Service (IRS) surged in the fourth quarter. The IRS was impersonated in nearly one in ten attacks, up from less than one percent in the third quarter.
W-2 scams occur quite often in the run-up to tax season, as cybercriminals utilise phishing emails and social engineering to obtain a business’s W-2 files, which contain a wealth of sensitive information such as social security numbers, salaries and other confidential data that is used to commit tax fraud or identity theft.