Hackers are going all-in with email attacks, brute force takeovers increase by over 671%
According to new data, hackers are working hard to find new ways to steal your credentials in phishing attacks.
If you were worried about hackers, you should be. According to new data, brute force email attacks and account takeover attempts on businesses have gone up by a massive 671% as hackers try to find novel ways to steal your credentials. Abnormal Security, a cloud-native mail security platform, revealed in its Q3 2021 email threat report that there has been a significant rise in attacks that are very often used as launchpads for more significant attacks like ransomware and malware.
The report also revealed that cybercriminals are coming up with new ways to trick employees into giving away their credentials. This invariably leads to hacks and significant financial damages to businesses. “Socially-engineered attacks are dramatically rising within enterprises, worldwide, creating unprecedented financial and reputational risks. These never-before-seen attacks are becoming more sophisticated with every passing day,” said Evan Reiser, CEO of Abnormal Security.
The report stated that more than half of the organisations surveyed (61%) had experienced a vendor email compromise or a supply chain attack in Q3 2021. In the case of a vendor email compromise, threat actors usually first gain access to a vendor’s account. This then allows them to hijack existing conversations for more nefarious purposes like sending fraudulent invoices.
Hackers are also resorting to impersonation, masquerading as well-known brands to trick victims into submitting credentials. Another popular modus operandi is to impersonate internal business systems. As per the report, fake emails from internal departments like the IT Help Desk and IT Support desk shot up by 46% over the past two quarters.
As Reiser pointed out, what makes this new type of scam email dangerous is that it does not contain the usual indicators of compromise like links, attachments, or reputational risks. “So they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes, which include ransomware,” Reiser explained.
These email scams are not easy to spot and are getting more fool-proof by the day, but you can look out for giveaway signs like incorrect email IDs, typos in the body text, suspicious link attachments, etc.