Report reveals email's vulnerability to phishing exploits and impersonation of leading brands

Cloudflare's groundbreaking 2023 Phishing Threats Report reveals email's vulnerability and the impersonation of top brands.

DQINDIA Online

Cloudflare has published its inaugural 2023 Phishing Threats Report. The report highlights the persistently prevalent and rapidly expanding threat of phishing, primarily driven by the widespread usage of email and the ongoing challenge of human error exploited by contemporary threat actors.

Although business email compromise (BEC) losses have surpassed $50 billion, the scope of attackers' targets extends beyond corporate entities. The repercussions of phishing affect not only Fortune 500 companies and global enterprises but also small businesses, local organizations, and the public sector. Notably, Cloudflare's report unveils an increase in email threats directed at political organizations. During the three months preceding the 2022 US midterm elections, Cloudflare's email security service thwarted approximately 150,000 phishing emails aimed at campaign officials.

Irrespective of an organization's size, sector, or industry, the report uncovers two primary objectives pursued by threat actors utilizing phishing campaigns. The first objective revolves around establishing authenticity and credibility in the eyes of the victim, while the second involves enticing victims to engage or click. These objectives are reinforced by the report's key findings, which include:

  • Malicious links constituted the most prominent threat category, representing 35.6% of detected threats.
  • Identity deception threats have witnessed a year-over-year increase from 10.3% to 14.2% (equivalent to 39.6 million) of total detections.
  • Attackers assumed the identities of more than 1,000 distinct organizations in over 1 billion instances of brand impersonation. A significant proportion (51.7%) of these impersonations targeted 20 well-known brands.
  • The most frequently impersonated brand happens to be one of the most trusted software companies: Microsoft. Other prominent brands that were impersonated include Google, Salesforce, and Notion.so, among others.
  • Newly registered domains constituted the second most common threat category, accounting for 30% of detected threats.
  • Contrary to popular belief, email authentication measures (such as SPF, DKIM, or DMARC) did not effectively neutralize threats. A substantial majority (89%) of unwanted messages managed to pass these authentication checks.

"Phishing has proliferated across the vast expanse of the internet, exploiting trust and victimizing individuals ranging from CEOs and government officials to everyday consumers," stated Matthew Prince, CEO of Cloudflare. "Emails and malicious links join forces as sinister partners in the realm of prevalent internet threats. Organizations of all sizes must adopt a Zero Trust solution that encompasses robust email security; neglecting this crucial aspect exposes them to the most significant threat vector in today's ever-evolving threat landscape."
