The latest Spear Phishing Report from Barracuda highlights how cybercriminals are systematically improving their game… and are becoming more successful for it.
Capturing user credentials online to take over accounts is a key starting point for cybercriminals. In some cases, the credentials provide access to online email, files, and collaboration, where the initial access serves as the foothold to target executives and other key employees; in others, they are used simply to steal valuable access to data, bank accounts, and more.
The basis for this kind of attack is brand impersonation. From the phishing email, to the bogus (but very realistic) logon page, the bad guys use a well-known online brand to fool their victims. According to Barracuda’s latest 2019 Spear Phishing Report, the use of brand impersonation is at an all-time high. From the report:
- 83% of all phishing attacks involve brand impersonation
- 32% of attacks impersonate Office 365
- 21% of attacks impersonate a financial institution
- 20% of attacks impersonate Apple
Attackers are leveraging well-known brands to establish context for the intended victim. This use of brand impersonation raises the likelihood of a successful attack.
Barracuda recommends a combination of technology and user training to combat this rise in brand impersonation attacks. Technologies such as DMARC authentication and multi-factor authentication can be used as part of a layered approach to stopping these kinds of attacks. Users undergoing Security Awareness Training can be taught to spot suspicious brand impersonation emails before they fall for them and provide credentials.
Brand impersonation is a powerful and effective means for cybercriminals to lower your users’ defenses and improve the chances of a successful attack. Putting technology and training controls in place is a necessary step to stop this attack method.