Cybercriminals are increasingly leveraging social engineering scams delivered through sophisticated phishing techniques. According to research from Ironscales, nearly 50% of all advanced phishing attacks, such as spear-phishing and social engineering, evade popular secure email gateways (SEGs). Ironscales researchers stated that they evaluated the effectiveness of Microsoft ATP, Mimecast, Proofpoint, and other SEG services in preventing advanced email attacks.
It was found that the majority of the phishing emails used social engineering techniques, including email spoofing, business email compromise (BEC), executive impersonation, and other email frauds.
- The research ran 162 emulations against the top SEGs, equating to 16,200 malicious messages sent.
- Over 7,614 emails bypassed the SEGs and landed in the inbox. Interestingly, both Proofpoint and Mimecast incurred a greater penetration rate than Microsoft ATP.
- The SEGs were mostly successful at thwarting phishing emulations containing malicious payloads. Emulations with links had a penetration rate of only 3%, while those with attachments had a penetration rate of just 4%.
- The phishing attack technique with the greatest penetration rate was sender name impersonation. Sender name impersonations accounted for 30% of all SEG penetrations, which represents a 6% increase from the 2019 analysis.
- Domain name impersonations accounted for 25% of penetrations. This represents a 23% increase from the 2019 research.
- VIP impersonations, such as CEO spoofs, and fake login pages came in at 22% and 16%, respectively.
“From an attacker’s perspective, the transition from spear-phishing emails packed with malicious payloads to social engineering was a no-brainer. The most commonly deployed secure email gateways, such as Microsoft Advanced Threat Protection (ATP), Mimecast, Proofpoint and others, were not built to analyze the language within an email and decipher a message’s context and intent,” the researchers said.