According to a recent report by web performance and security company Cloudflare, email phishing is still the primary way attackers gain access to organizations. Of the 250 million emails analyzed by Cloudflare between May 2022 – May 2023, specially crafted malicious links accounted for 35.6% of all threats.
Not only is the content of phishing emails becoming more convincing, but cybercriminals are adopting techniques that allow them to bypass standard email security controls, such as Sender Policy Framework (SPF), DomainKeys Identified Email (DKIM), and Domain-based Authentication, Reporting & Conformance (DMARC).
One such method involves establishing phishing domains well before they are used in attacks and configuring the domains with valid SPF, DKIM, and DMARC configurations. This technique allows the emails to bypass security checks by appearing to come from a legitimate sender.
Impersonation of popular brands was one of the fastest-growing phishing techniques. Of the more than 1,000 organizations impersonated, malicious emails appeared to come from 20 well-known brands 51.7% of the time. The brands most often faked were:
- Microsoft
- World Health Organization
- SpaceX
- Salesforce
- Apple
- Amazon
- T-Mobile
- Mastercard