THINK BEFORE YOU CLICK


AS ALWAYS THINK BEFORE YOU CLICK

Monday, June 3, 2019

Impersonation Phishing Attacks Up 67% in Last 12 Months

Social engineering attacks using impersonation tactics increased by 67% over the past twelve months, according to Mimecast’s annual State of Email Security report. Mimecast surveyed more than a thousand organizations around the world and found that 94% of them had been targeted by phishing attacks in the past year. More than half of the organizations said these attacks were increasing, and 41% observed a rise in internal malicious emails due to compromised accounts.

The spike in impersonation attacks is the report’s most striking finding. These attacks can be highly targeted, as in the case of business email compromise scams. They can also borrow the branding of well-known companies and services to make widespread phishing campaigns more effective. Of the organizations that were affected by impersonation attacks, 73% experienced losses of customers, money, or data.

Mimecast’s press release states that “social engineering attacks are a rising concern for organizations because they’re often one of the most difficult to control.” As security technologies get better at blocking automated phishing campaigns and off-the-shelf malware, attackers are increasingly relying on social engineering to make their attacks more effective.
"Delete" Notification as Office 365 Phishbait

Attackers are posing as Office 365 support in phishing emails that warn users about an “unusual volume of file deletion” on their accounts, BleepingComputer has found. The emails claim that a medium-severity alert was triggered by fifteen file deletions within five minutes. If victims click on the link to view the alert’s details, they’ll be taken to a spoofed Microsoft login page. The attackers will then collect their credentials before forwarding them to the legitimate Microsoft login portal.

A notable feature of this campaign is that the phishing pages are hosted on Microsoft’s Azure cloud services, so the URLs end with “windows.net.” As a result, even users who know that they should inspect the top-level and second-level domains of the URL could still fall for the scam. Azure-hosted sites are also secured with Microsoft SSL certificates, increasing the appearance of authenticity.

Researchers have discovered hundreds of phishing sites hosted on Azure and other cloud services in the past month. While Microsoft takes these sites down as quickly as it can, the sheer volume of malicious domains means that attackers usually have several days to carry out their attacks. Additionally, when their sites are shut down, they can easily set up more.
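The blind spot described above is easy to see in code: the usual advice of checking the second-level and top-level domain yields "windows.net" for an Azure-hosted page, which looks Microsoft-owned, even though everything to the left of that suffix was chosen by whoever rented the storage account. The following added example (written for this post, not code from Mimecast, BleepingComputer or Microsoft) classifies links found in a message body so that tenant-hosted cloud domains are flagged for review rather than trusted on the strength of their suffix. The brand-domain list and the "azurewebsites.net" suffix are assumptions for illustration; only "windows.net" comes from the article, and the sample email and its hostnames are constructed.

```python
import re
from urllib.parse import urlparse

# Suffixes under which any tenant, including an attacker, can create a hostname.
# "windows.net" is from the article; "azurewebsites.net" is an added assumption.
# A real deployment would maintain its own list of such platforms.
TENANT_HOSTED_SUFFIXES = ("windows.net", "azurewebsites.net")

# Domains that genuinely belong to the brand being imitated (assumed list for
# illustration; an organization would curate its own per protected brand).
BRAND_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com"}

# Crude URL extractor; good enough for plain-text message bodies.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host: str) -> str:
    """Return the 'SLD.TLD' part of a hostname, i.e. what users are told to inspect.

    Deliberately naive (it ignores multi-part public suffixes such as co.uk),
    because the point is to show what the naive check does and does not catch.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_url(url: str) -> dict:
    """Classify one link the way a mail filter or awareness tool might."""
    host = urlparse(url).hostname or ""  # hostname drops port and any user@ prefix
    domain = registrable_domain(host)
    if domain in BRAND_DOMAINS:
        verdict = "brand-owned"
    elif any(host.endswith("." + suffix) for suffix in TENANT_HOSTED_SUFFIXES):
        # The SLD.TLD check passes ("windows.net"), but the leftmost labels are
        # under the control of an arbitrary tenant, so the link needs review.
        verdict = "tenant-hosted"
    else:
        verdict = "unrelated-domain"
    return {"url": url, "host": host, "registrable_domain": domain, "verdict": verdict}


def scan_message(body: str) -> list:
    """Extract every URL from a message body and classify it."""
    return [assess_url(u.rstrip(".,);")) for u in URL_RE.findall(body)]


# Constructed sample modelled on the alert-style lure described in the article.
SAMPLE_EMAIL = (
    "Unusual volume of file deletion detected on your account.\n"
    "Review the alert: https://contoso-alerts.blob.core.windows.net/review/index.html\n"
    "Or sign in as usual at https://login.microsoftonline.com/ to check.\n"
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE_EMAIL):
        print(f"{finding['verdict']:>16}  {finding['registrable_domain']:<22} {finding['url']}")
```

Run as a script, the tenant-hosted link and the genuine sign-in link both resolve to a plausible-looking registrable domain, which is exactly why the verdict, not the suffix, should drive whether a link is trusted. A filter built on this idea would route "tenant-hosted" links to a warning banner or a sandboxed preview rather than blocking the whole cloud platform.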