Abnormal Security has released the H2 Email Security Threat report highlighting the top email security threats in the first six months of 2022. This article shares key statistics, discovered trends, and revelations of the report.

Phishing is undoubtedly the most significant cybercrime today, a fact that has been proved once again by Abnormal Security’s latest Email Threat Report.

With a 48% increase in email attacks in the first two quarters of 2022, and 68.5% of these including phishing links, threat actors continue to rely on phishing campaigns. Their chief focus is brand impersonation, with over 265 brands impersonated. Let us look at the statistics, the fastest-evolving email threats, and the principal findings of the report.


Key Statistics of H2 Email Threat Report 2022

These are the critical findings of Abnormal Security’s Email Threat Report that will help paint a vivid picture of the current email attack scenario.

  • BEC (Business Email Compromise) attacks increased by 60% in the past 12 months.
  • Enterprises have an 89% probability of receiving a financial supply chain compromise attack each week.
  • Credential phishing attacks are becoming more popular, with 32% involving social network impersonation.
  • Threat actors impersonated over 265 brands in Q1 and Q2 2022, with Microsoft, e-commerce, and shipping accounting for 70% of that impersonation.


Threat Actors Shift Attention to Emails Once Again

Email is the primary method of communication in the corporate world, whether for businesses, service providers, clientele, education, or healthcare. The latest report indicates that threat actors have begun targeting email because of its consistent success rates and the low cost of compromising it.

During the first six months of 2022, email attacks surged by 48%, averaging 85.1 attacks per 1000 mailboxes. The all-time high for average email attacks was slightly over 100 per 1000 mailboxes, in May 2022. According to the findings, email attacks subsided during the holiday seasons, as far fewer employees were engaging with malicious emails.

A similar break was observed in December, but the volume of email attacks increased with the new year and was 170% higher than in 2021. Phishing has been the most common cybercrime of the past 3 years, according to the FBI’s IC3 (Internet Crime Complaint Center) reports, a trend that continues, as evident below.


(Advanced Email Threats by percentage, Source: Abnormal Security Email Threat Report)

As shown, 68.47% of email attacks involve phishing, followed by scams at 8.35%, malware at 7.01%, BEC, extortion, and others.


Brand Impersonation remains the Top Choice for Credential Phishers

Credential phishing is a severe threat to organizations because cybercriminals can deploy many more costly attacks once they gain entry to the organizational network using employee credentials.

According to the report, threat actors impersonate major brands worldwide to trick employees. These attacks create a sense of urgency through emails about pending invoices, locked or compromised accounts, subscriptions, and more. Fearing strict action or loss of access, employees make missteps and end up giving away their credentials.

The average employee of any large organization manages 25 passwords, increasing to 85 for employees of smaller enterprises. With employees reusing passwords an average of 13 times, it becomes easy for cybercriminals to compromise multiple accounts at once.

After analyzing over 425,000 credential phishing attacks, the report revealed that LinkedIn is the most impersonated social platform. Most credential phishing attacks mimic social networks, followed by Microsoft, shipping, e-commerce, financial services, business, InfoSec, email service providers, file hosting services, telecoms, and streaming services. Here is an example of a Microsoft phishing email.


(Threat Actor impersonates Microsoft, Source: Abnormal Security Email Threat Report)


Microsoft and its services are impersonated in 20% of all phishing incidents. Attackers use the compromised accounts of genuine employees to carry out mass phishing campaigns, causing havoc by hijacking conversations, redirecting payments, and requesting new funds.

Furthermore, the impersonated brands included over 60 in financial services, followed by 45 in e-commerce and 38 in business management. Threat actors usually impersonate the brands that offer a better ROI (Return on Investment).

For example, American Express, PayPal, and Wells Fargo were imitated more than other financial services. The report reveals that the most targeted sectors are educational institutions and religious organizations, suffering nearly 36% of all attacks. Other top targets include retail/consumer goods and manufacturing, followed by professional services, finance, and insurance.


Surge in Business Email Compromise Attacks

BEC attacks are expanding because they cannot be recognized using traditional IOCs (Indicators of Compromise) and they generate significant ROI for malicious actors. The report reveals that BEC attacks have risen from an average of 0.671 to 1.07 per 1000 mailboxes, growing 60% in the first 6 months of 2022 and reaching a peak of 1.68 in May.

BEC attacks dipped near Memorial Day and rebounded in the middle of June 2022. Another interesting finding is that smaller enterprises receive more attacks, at 1.65 per 1000 mailboxes each week, than their larger counterparts: organizations with over 50,000 employees received only 0.45 BEC attacks per 1000 mailboxes per week.

The report shares how advertising and marketing agencies are at the highest risk of BEC attacks, followed by agriculture/mining/chemicals and educational institutions/religious organizations. You can see all affected industries below.


(Weekly probability of BEC attacks, Source: Abnormal Security Email Threat Report)


Financial Supply Chain Compromise is the Most Evolving Email Threat of 2022

CEO fraud has not been thriving, according to the new data. Threat actors have shifted their attention to impersonating third parties instead of the C-suite, giving rise to financial supply chain compromise.

As in BEC, financial supply chain compromise involves impersonation to gain entry, but of a trusted third party instead of internal executives or employees.

Threat actors impersonate known vendors to ask organizations to pay invoices, update billing details, or complete existing wire transfers. These attacks succeed because any organization works with many vendors and third parties, and often ends up getting scammed as a result.

Financial supply chain compromise is the fastest-growing threat of 2021 and 2022, with 1 in every 5 Abnormal customers targeted by these attacks in Q1 and Q2 of 2022.

Furthermore, larger enterprises with over 50,000 mailboxes are more likely to be victims of financial supply chain attacks, with an attack every week of the year, as opposed to organizations with 10,000 or more mailboxes, which receive these only three times in four weeks. Here is a look at the probability of any organization receiving a financial supply chain attack.


(Financial Supply Chain Compromise by mailbox size, Source: Abnormal Security Email Threat Report)


As you can see, the probability of these attacks is directly proportional to the number of mailboxes.


Final Words: How to Stop These Advanced Email Threats?

Cybercrime is easy because it takes place behind the cover of the digital world, and it will continue to grow in complexity and attack surface as technologies and strategies emerge.

Employees are the most targeted people in any organization, even though threat actors tend to shift their focus from one place to another, as evidenced by impersonation scams involving brands, C-suites, vendors, employees, and other parties. Security awareness training is an effective tool in your arsenal against email cybercrime, but what’s better is stopping these attacks from ever reaching your workforce.

Organizations can easily identify, evaluate, and block email threats with advanced AI-based tools and adequate phishing protection solutions. The right technologies implemented the right way can empower any enterprise and significantly diminish cyberattacks, protecting them from advanced email attacks such as phishing, BEC, and supply chain compromise.