Threats in corporate inboxes hit new highs with a quarter of all reported emails classified as malicious or untrustworthy. 99% of these threats were email impersonation threats, such as BEC and credential theft lures, that lack attachments or URLs delivering malware payloads. Cybercriminals continue to bypass traditional email security tools and reach end users by impersonating individuals, suppliers, and trusted brands.
In the 2023 BEC Trends, Targets, and Changes in Techniques report, data from Fortra’s Agari and PhishLabs email security solutions illuminates current attack techniques and infrastructure used in email impersonation threats. Key findings include statistics on email sender spoofing classifications and volume, free webmail providers used in BEC attacks, and the growth of hybrid vishing attacks.
While the fundamentals of BEC attacks have largely remained the same, criminals continue to optimize tactics to increase their success rate. Third-party targeting, AI, and phishing-as-a-service (PhaaS) have enhanced what was already working, putting the pressure on security teams to identify and mitigate social engineering threats before employees fall victim.
Gain the email impersonation insights to understand the solutions needed to recognize patterns and make predictions to accurately detect signatureless threats at scale.