Brand impersonation remains the most common attack vector, used in 50 percent of advanced email attacks in the fourth quarter of 2018—with Microsoft impersonated in 70 percent of these instances. For executive targets, one-third (33 percent) of advanced email attacks use display name deception that impersonates an individual—a common tactic for business email compromise (BEC) attacks, which frequently target CFOs. In a survey of more than 300 businesses in the U.S. and U.K., it was determined that employees at the average company report 23,053 phishing incident reports per year—yet 50 percent are false positive reports. All of these reports and hours add up—at a cost of $253 per phishing incident—to more than $4.3 million per year in costs to to triage, investigate and remediate phishing incidents.
Source: Helpnetsecurity
