Email Impersonation Attacks on the Rise, Mimecast Finds

Email security vendor Mimecast released its latest quarterly Email Security Risk Assessment (ESRA) report on June 6, providing insight from data collected across 44,644 participating users over a 287-day period. During the quarter, the ESRA test found 9 million emails that Mimecast categorized as some form of unwanted emails (spam), which included various threats and risks. Of the spam caught by Mimecast, there were 8,605 impersonation attacks detected, which is a 400 percent increase over the number of such attacks that Mimecast detected in its first-quarter 2017 report. This slide show takes a look at some of the highlights of the May 2017 Mimecast ESRA report.

The ESRA study found that Mimecast detected 8,972,968 messages labeled as spam. Of those, 3.2 million were rejected outright and 5.8 million were quarantined.

According to Mimecast’s analysis, on average one out of every 304 clicks that a user makes in email is to a bad site.

There are approximately 1,900 different file types that shouldn’t be sent via email, including Java Server Pages (.jsp) and executables (.exe). In the latest ESRA study, Mimecast detected 8,319 emails that had dangerous file types as attachments.

Not all attachments with dangerous file types are in fact malware. During the ESRA test for the quarter, Mimecast detected 2,156 malware attachments, of which 487 included some form of unknown malware.

Mimecast reported a 400 percent quarter-over-quarter increase in the volume of email impersonation attacks it detected, with 8,605 emails characterized as impersonation attempts.

Email impersonation attacks are also sometimes referred to as business email compromises (BECs), which a trend the FBI’s Internet Crime Complaint Center (IC3) has been tracking. In May 2017, eWEEK reported that the IC3 had estimated that BEC scams have resulted in $5.3 billion in financial losses since October 2013.

Although spam remains a problem, the majority of emails analyzed by Mimecast were deemed to be safe. Of 40.3 million emails inspected, 31.3 million (78 percent) were considered to be safe.