Download PDF version Contact company

On March 17, the FBI released its seminal annual Internet Crime Report. Once again, socially-engineered attacks (including business email compromise, spoofing, and phishing) by far were the number one cybercrime by financial loss, accounting for $2.1 billion of the $4.2 billion in losses to U.S. businesses and consumers. These attacks utilise impersonations to get companies to transfer money to fraudulent accounts and pose significantly more financial danger to an organisation than well-known tactics such as malware and ransomware.

As the FBI noted in its report, “fraudsters have become more sophisticated by evolving their techniques to use social engineering to compromise vendor email accounts and use stolen identities to establish bank accounts to receive stolen funds through invoice fraud.”

Attackers haven’t let up in 2021. As outlined in the new Threat Research Report “High-Profile Socially-Engineered Email Attacks Drive Record-High Employee Engagement & Fraud”, it was found that attacks across a variety of categories grew at significant rates. Quite simply, attackers are more successful by using socially engineered attacks to bypass existing protections such as secure email gateways. 

Key research takeaways

  • The rate of employee engagement increased by 50% for socially engineered attacks that bypass secure email gateways or other existing protections.
  • Employees are four times more likely to engage attackers through lateral phishing attacks from compromised internal accounts than with credential phishing from external accounts.
  • There was a 250% percent increase in the presence of malicious mail filters from Q4 2020 to Q1 2021.
  • The percentage of companies across industries hit with VEC attacks increased 119% between July 2020 and April 2021.

Its clear traditional secure email gateway defenses were not designed to stop socially engineered attacks. To stem the tide, organisations need to consider a new approach. Without one, high-profile attacks such as SolarWinds and USAID, which can surmise started with socially engineered campaigns, will continue to cause severe financial and reputational loss. 

How Abnormal stops socially-engineered attacks?

The API-driven approach uniquely leverages behavioural data science to profile and baseline good behaviour

Abnormal Security delivers a fundamentally different approach that protects enterprises from socially engineered email attacks from internal and external account compromises — ranging from targeted phishing, BEC, and invoice fraud — that were previously undetectable by traditional email security solutions. 

The new API-driven approach pioneered by Abnormal Security uniquely leverages behavioural data science to profile and baseline good behaviour to detect account compromises and phishing attacks. It delivers this approach through a cloud-native email security platform that can be deployed instantly into Microsoft Office 365 via a 1-click API integration – and can be used to extend the existing secure email gateways.

Abnormal Security requires no configuration and delivers results immediately after integration. The system learns and self-configures for each deployment and continually self-tunes, minimising any ongoing maintenance. Its behavioural data science approach works in conjunction with traditional threat intelligence email security solutions to provide an extra layer of defense against never-seen-before socially engineered advanced attacks.

Download PDF version Download PDF version

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...

Quick poll
What is the most significant challenge facing smart building security today?