Email attacks increasingly using compromised accounts

(Image credit: Image source: Shutterstock/kpatyhka)

Hackers are realising that it’s easier to defraud someone if you’re using a legitimate email address, rather than creating one yourself. With that in mind, they’re increasingly using compromised emails to attack unsuspecting victims.

Not only are such emails more believable, but they’re also harder for spam filters to detect.

This is according to a new report by email security and protection firm Agari. It says these types of attacks, which it dubs ATO attacks (account takeover), now make up some 20 per cent of advanced email attacks.

They’re basically advanced impersonation attacks, with the difference being that the attackers are actually using real, stolen email addresses.

“Credential phishing was already a huge risk for organizations because of the potential for data breach, but now there is a new wave of account takeover attacks leveraging compromised accounts to commit additional fraud, which evade traditional email security controls,” said Crane Hassold, Sr. Director of Threat Research, Agari. “Business email compromise attacks are still very active, especially against C-suite targets.”

Hackers mostly impersonate Microsoft (70 per cent). This company is a common target because Office 365 accounts can then be used in subsequent attacks

As for targeting managers, a third of advanced email attacks use display name deception.

As the tax season is approaching, hackers are impersonating the US Internal Revenue Service at a growing rate. They’re targeting companies’ W-2 files, which contain social security numbers, salaries and other confidential data needed for tax fraud and identity theft.

Agari’s full report can be found on this link.

Image source: Shutterstock/kpatyhka