Inaugural IRONSCALES Threat Index Reveals New Insights on Phishing and BEC Threats
May 2023 by IRONSCALES
IRONSCALES released its inaugural IRONSCALES Threat Index. The IRONSCALES Threat Index: Q4’22/Q1’23 Edition , based on proprietary data analysis of millions of customer emails, highlights the evolving landscape of phishing and business email compromise (BEC) trends.
The IRONSCALES Threat Index: Q4’22/Q1’23 Edition , based on proprietary data analysis of millions of customer emails, highlights the evolving landscape of phishing and business email compromise (BEC) trends. From the dominance of unknown threats to the rise of credential theft and BEC scams, these findings shed light on the pressing cybersecurity challenges faced by organizations today. The IRONSCALES Threat Index encompasses email data across all of IRONSCALES Microsoft 365 and Google Workspace protected customers from October 2022 through March 2023.
Key findings are summarized below:
• Unknown Threats Continue To Dominate & Evade: In the six-month period, IRONSCALES saw nearly eight million phishing messages slip past traditional email defenses including Secure Email Gateways (SEGs). The majority (88%) of those messages were "unknown" threats, such as advanced phishing attacks that use social engineering tactics to create a false sense of trust and urgency to get the victim to act fast. These types of threats are particularly dangerous because they are highly targeted, have not been previously identified, and can evade traditional security measures. They can, however, be detected through a combination of AI and machine learning technologies and human insights – both of which are better equipped to identify anomalous behavior and threats.
• Credential Theft Remains Top Concern for Financial Services & Others: Overall, known phishing attempts had a mild bump from the previous six months time period, increasing by just over 2%. However, credential theft in particular saw a steady incline. Nearly three-quarters (72%) of all known attempts were credential theft scams, representing a 10.5% increase from the previous six months. Suspected VIP impersonation also increased slightly. The top three industries impacted the most by known phishing attempts were financial services, industrials (manufacturing, construction, etc.), and computer hardware or software.
• Business Email Compromise Rises 35% Over Six-Month Period: Overall, business email compromise (BEC) scams increased by 35% from the previous six months. The total number of BEC attempts accounted for nearly one-tenth (8.8%) of all phishing scams. Notably, payment scams involving a payment inquiry or wire-transfer request, accounted for nearly 70% of all BEC attempts, up from 57% the previous year.
“Our inaugural IRONSCALES Threat Index reveals that the threat landscape continues to evolve and unknown threats are dominating and evading traditional email defenses. Only advanced artificial intelligence technologies combined with the power of human insights (HI) can detect these emerging threats,” said Eyal Benishti, co-founder and CEO, IRONSCALES. “With credential theft remaining a top concern for industries like financial services, and business email compromise scams increasing drastically in just six months, it’s clear that organizations need to stay vigilant and leverage cutting-edge solutions, along with human insights to protect against these evolving threats.”
IRONSCALES is at the forefront of defending against sophisticated phishing and BEC attacks. As the only solution that leverages the power of AI and human insight, IRONSCALES equips enterprises worldwide with comprehensive tools to bolster their security posture against the constantly evolving threat landscape, from the known to the unknown.