New alarming statistics reveal that approximately 25 percent of phishing emails taken from a batch of 55 million analyzed emails were marked as clean by Office 365 Exchange Online Protection (EOP).
This means that these phishing emails reached recipients’ inboxes without any obstacle. A small percentage (5.3 percent) were whitelisted due to admin configurations when they should have been blocked.
New Report Shows the Development of Phishing Campaigns
The findings come from Avanan’s 2019 Global Phish Report, which also reveals that one in every 99 emails is part of a phishing attempt involving malicious attachments or links. Considering the increasing success and frequency of phishing campaigns that deliver malware, these statistics should come as no surprise.
“One in every 99 emails is a phishing attack, using malicious links and attachments as the main vector. Of the phishing attacks we analyzed, 25% bypassed Office 365 security, a number that is likely to increase as hackers design new obfuscation methods that take advantage of zero-day vulnerabilities on the platform”, the report says.
During the analysis of the millions of emails sent to Office 365, the researchers scanned every single email, which enabled them to see not only the phishing attacks that were caught, but also those that were not detected.
The analysis also outlined the four most popular phishing attacks:
- Spear phishing;
- Extortion-based phishing;
- Credential harvesting;
- Malware phishing.
It is noteworthy that although spear phishing attacks are not as popular as the other ones, they are usually the type of attack with the most destructive impact. This impact stems from the fact that spear phishing emails are specifically designed to target high profile employees of large companies. These employees usually have access to highly sensitive data, hence their name, and open the door for cybercriminals to perform a range of malicious activities.
“These phishing attacks can also be the most difficult to detect, given the lack of attachments or links that can be flagged by anti-phishing tools. They rely on social engineering, rather than technical bypass methods, to deceive targets into surrendering a wealth of information”, researchers explain.
Extortion-based phishing emails account for 8 percent of the analyzed attacks. Here’s an example of an extortion phishing email attack which we recently wrote about – “Central Intelligence Agency – Case #[random numbers]”.
The scam used the “Central Intelligence Agency – Case #[random numbers]” subject line, with the sender representing themselves as a “technical collection officer for Central Intelligence Agency”. The pretext of this scam was the distribution and storage of pornographic electronic materials involving underage children. The scammers claimed that they read the documentation and knew the recipient was a wealthy person who may be concerned about their reputation. A payment would allegedly persuade the “technical collection officer for Central Intelligence Agency” to remove any details about the related fake case.
This is one of many similar phishing emails circulating on the web. But let’s see what else Avanan’s 2019 report has to say. The two most popular types of phishing attacks are related to credential harvesting and malware infections.
In most cases, credential harvesting emails masquerade as emails sent out by trusted brands such as Google, Microsoft and Amazon, in an attempt to trick the recipient into entering their username and password in a spoofed login page. With these credentials, hackers take over the victim’s account or sell the information on the black market in bulk, the researchers note.
The purpose of a malware-carrying phishing email is clear – to infect the recipient with malicious software. More than 50 percent of the millions of analyzed phishing emails carried malware. These attacks often bypass traditional malware scans since the email itself is not malicious in the first place. However, the email typically contains a malicious link which triggers the download of malware, most likely a Trojan horse.