• Log In
  • Sign Up
  • Contact Us
PowerDMARC
  • Features
    • PowerDMARC
    • Hosted DKIM
    • PowerSPF
    • PowerBIMI
    • PowerMTA-STS
    • PowerTLS-RPT
    • PowerAlerts
    • Reputation Monitoring
  • Services
    • Deployment Services
    • Managed Services
    • Support Services
    • Service Benefits
  • Pricing
  • Power Toolbox
  • Partners
    • Reseller Program
    • MSSP Program
    • Technology Partners
    • Industry Partners
    • Become a Partner
  • Resources
    • DMARC: What is it and How does it Work?
    • Datasheets
    • Case Studies
    • Blog
    • DMARC Training
    • DMARC in Your Country
    • DMARC by Industry
    • Support
  • About
    • Our company
    • Clients
    • Contact us
    • Book a demo
    • Events
  • Menu Menu

Types of Email Phishing Attacks

Blogs
Phishing Blog banner 821x308

Email phishing has evolved over the years from gamers sending prank emails to it becoming a highly lucrative activity for hackers across the world.

In fact, in the early to mid-’90s AOL experienced some of the first big email phishing attacks. Random credit card generators were used to steal user credentials which allowed hackers to gain wider access into AOL’s company-wide database.

These attacks were shut down as AOL upgraded their security systems to prevent further damage. This then led hackers to develop more sophisticated attacks using impersonation tactics which are still widely used today.

If we jump forward to today, the impersonation attacks most recently affecting both the White House and the WHO prove that any entity is at some point or another is vulnerable to email attacks.

According to Verizon’s 2019 Data Breach Investigation Report, approximately 32% of data breaches experienced in 2019 included email phishing and social engineering respectively.

With that in mind, we’re going to take a look at the different types of phishing attacks and why they pose a huge threat to your business today.

Let’s get started.

1. Email spoofing

Email spoofing attacks are when a hacker forges an email header and sender address to make it look like the email has come from someone they trust. The purpose of an attack like this is to coax the recipient into opening the mail and possibly even clicking on a link or beginning a dialogue with the attacker

These attacks rely heavily on social engineering techniques as opposed to using traditional hacking methods.

This may seem a rather unsophisticated or ‘low-tech’ approach to a cyberattack. In reality, though, they’re extremely effective at luring people through convincing emails sent to unsuspecting employees. Social engineering takes advantage not of the flaws in a system’s security infrastructure, but in the inevitability of human error.

Take a look:

In September 2019, Toyota lost $37 million to an email scam.

The hackers were able to spoof an email address and convince an employee with financial authority to alter account information for an electronic funds transfer.

Resulting in a massive loss to the company.

2. Business Email Compromise (BEC)

According to the FBI’s 2019 Internet Crime Report, BEC scams resulted in over $1.7 million and accounted for more than half cybercrime losses experienced in 2019.

BEC is when an attacker gains access to a business email account and is used to impersonate the owner of that account for the purposes of causing damage to a company and its employees.

This is because BEC is a very lucrative form of email attack, it produces high returns for attackers and which is why it remains a popular cyber threat.

A town in Colorado lost over $1 million to a BEC scam.

The attacker filled out a form on the local website where they requested a local construction company to receive electronic payments instead of receiving the usual checks for work they were currently doing in the town.

An employee accepted the form and updated the payment information and as a result sent over a million dollars to the attackers.

3. Vendor Email Compromise (VEC)

In September 2019, Nikkei Inc. Japan’s largest media organization lost $29 million.

An employee based in Nikkei’s American office transferred the money on instruction from the scammers who impersonated a Management Executive.

A VEC attack is a type of email scam that compromises employees at a vendor company. Such as our above example. And, of course, resulted in huge financial losses for the business.

What is Email Phishing?

Email phishing is a form of social engineering in which fraudsters send emails to trick people into giving up confidential information. The emails often look like they come from an organization or individual you trust, such as your bank, a government agency, or even someone in your own company.

Email phishing is becoming more common as people spend more time online and less time reading physical mail. This makes it easier for fraudsters to reach out and contact their victims via email.

How to indentify phishing? 

If you are ever unsure whether an email is real, there are a few ways you can check. First of all, look at the sender’s address. If it doesn’t match what you’re used to seeing on official communications from that company or government agency, then it’s probably not legitimate.

You should also check the subject line and body of the email for spelling errors or other warning signs that it may be fake. For example, if someone sends you an email claiming to have “information” about your account but they misspell “information” as “infomation,” then this may be a sign that they didn’t write the email themselves and don’t know what they’re talking about!

How to prevent Email Phishing with DMARC?

Businesses the world over are increasing their cybersecurity budgets to limit the examples we’ve listed above. According to IDC global spending on security solutions is forecasted to reach $133.7 billion in 2022.

But the truth of the matter is that the uptake of email security solutions like DMARC is slow.

DMARC technology arrived on the scene in 2011 and is effective in preventing targeted BEC attacks, which as we know are a proven threat to businesses all over the world.

DMARC works with both SPF and DKIM which allows you to determine which actions should be taken against unauthenticated emails to protect the integrity of your domain.

READ: What is DMARC and why your business needs to get on board today?

Each of the above cases had something in common… Visibility.

This technology can reduce the impact email phishing activity can have on your business. Here’s how:

  • Increased visibility. DMARC technology sends reports to provide you with detailed insight into the email activity across your business. PowerDMARC uses a powerful Threat Intelligence engine that helps produce real-time alerts of spoofing attacks. This is coupled with full reporting, allowing your business greater insight into a user’s historical records.
  • Increased email security. You will be able to track your company’s emails for any spoofing and phishing threats. We believe the key to prevention is the ability to act quickly, therefore, PowerDMARC has 24/7 security ops centers in place. They have the ability to pull down domains abusing your email immediately, offering your business an increased level of security.
    The globe is in the throes of the COVID-19 pandemic, but this has only provided a widespread opportunity for hackers to take advantage of vulnerable security systems.

The recent impersonation attacks on both the White House and the WHO really highlight the need for greater use of DMARC technology.

In light of the COVID-19 pandemic and the rise in email phishing, we want to offer you 3 months FREE DMARC protection. Simply click the button below to get started right now

Claim Your Offer

Email phishing

  • About
  • Latest Posts
Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
Latest posts by Ahona Rudra (see all)
  • Web Security 101 – Best Practices and Solutions - November 29, 2023
  • What is Email Encryption and What are its Various Types? - November 29, 2023
  • What is MTA-STS? Setup the Right MTA STS Policy - November 25, 2023
May 8, 2020/by Ahona Rudra
Tags: Cyber threats, DMARC, Email phishing, Email spoofing, Free DMARC, Phishing, powerdmarc
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on Twitter
  • Share on WhatsApp
  • Share on LinkedIn
  • Share by Mail
You might also like
email forwardingEmail Forwarding and Its Impact on DMARC Authentication-Results
BEC blogHow to Protect Small Businesses from BEC with Email Authentication?
nz spoofing risk blogNZ organizations showing low DMARC compliance rates
100 dmarc enforcement blogSo You Just Got to 100% DMARC Enforcement. What Now?
2021 scamsTop 5 Evolved Email Fraud Scams: 2023 Trends
covid spoofingHow Attackers Are Using the Coronavirus to Scam You

Secure Your Email

Stop Email Spoofing and Improve Email Deliverability

15-day Free trial!


Categories

  • Blogs
  • News
  • Press Releases

Latest Blogs

  • Web Security 101 - Best Practices and Solutions
    Web Security 101 – Best Practices and SolutionsNovember 29, 2023 - 4:52 pm
  • What-is-Email-Encryption-and-What-are-its-Various-Types
    What is Email Encryption and What are its Various Types?November 29, 2023 - 12:39 pm
  • mta sts blog
    What is MTA-STS? Setup the Right MTA STS PolicyNovember 25, 2023 - 3:02 pm
  • Email phishing
    DMARC Black Friday: Fortify Your Emails This Holiday SeasonNovember 23, 2023 - 8:00 pm
logo footer powerdmarc
SOC2 GDPR PowerDMARC GDPR comliant crown commercial service
global cyber alliance certified powerdmarc csa

Knowledge

What is Email Authentication?
What is DMARC?
What is DMARC Policy?
What is SPF?
What is DKIM?
What is BIMI?
What is MTA-STS?
What is TLS-RPT?
What is RUA?
What is RUF?
AntiSpam vs DMARC
DMARC Alignment
DMARC Compliance
DMARC Enforcement
BIMI Implementation Guide
Permerror
MTA-STS & TLS-RPT Implementation Guide

Tools

Free DMARC Record Generator
Free DMARC Record Checker
Free SPF Record Generator
Free SPF Record Lookup
Free DKIM Record Generator
Free DKIM Record Lookup
Free BIMI Record Generator
Free BIMI Record Lookup
Free FCrDNS Record Lookup
Free TLS-RPT Record Checker
Free MTA-STS Record Checker
Free TLS-RPT Record Generator

Product

Product Tour
Features
PowerSPF
PowerBIMI
PowerMTA-STS
PowerTLS-RPT
PowerAlerts
Reputation Monitoring
API Documentation
Managed Services
Email Spoofing Protection
Brand Protection
Anti Phishing
DMARC for Office365
DMARC for Google Mail GSuite
DMARC for Zimbra
Free DMARC Training

Try Us

Contact Us
Free Trial
Book Demo
Partnership
Pricing
FAQ
Support
Blog
Events
Feature Request
Change Log
System Status

  • Français
  • Dansk
  • Nederlands
  • Deutsch
  • Русский
  • Polski
  • Español
  • Italiano
  • 日本語
  • 中文 (简体)
  • Português
  • Norsk
  • Svenska
  • 한국어
© PowerDMARC is a registered trademark.
  • Twitter
  • Youtube
  • LinkedIn
  • Facebook
  • Instagram
  • Contact us
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Security Policy
  • Compliance
  • GDPR Notice
  • Sitemap
PowerDMARC expands Executive Advisory Board, welcomes the newest memberpress releasecyberseconPowerDMARC partners with CyberSecOn, launches new operations in Australia, New...
Scroll to top