Protecting Your People
Q3 2017 Email Fraud Threat Report
Email fraud is one of today's largest cyber threats. Unlike other cyber threats, email fraud exploits people rather than technology. By preying on human nature, attackers steal money and valuable information from employees, customers, and partners.

Proofpoint analyzes email fraud attacks against thousands of organizations around the globe. Here are our findings for Q3 2017.

Read the full report here: proofpoint.com/us/solutions/email-fraud

ORGANIZATIONS ARE UNDER ATTACK MORE THAN EVER

49% of all companies were targeted with more than 10 email fraud messages.
12% increase in targeted attempts per organization (vs. previous quarter).

ATTACKERS ARE EXPANDING THEIR REACH WITHIN TARGETED ORGANIZATIONS

73% of organizations had multiple identities spoofed and more than one employee targeted.
28% more people targeted per organization on average.

DOMAIN SPOOFING ATTACKS EXPAND THEIR FOOTPRINT

89% of organizations were targeted by at least one domain spoofing email.
5% increase in domain spoofing attacks.

LOOKALIKE DOMAINS ALSO A PROBLEM

Lookalike domains, in which attackers register a domain that is confusingly similar to the real one, are another leading spoofing technique. Here are the most common approaches to creating lookalike domains, as a share of the lookalike domains observed:

41.09%  Individual character swap (example: c0mpany.com)
30.92%  Additional character inserted (example: cornpany.com)
13.25%  Added or removed leading or trailing characters
 6.71%  Removed character
 4.63%  Exact match (hyphenated)
 3.40%  Exact match

Note that a lookalike domain is the attacker's own registered domain, so mail sent from it can pass SPF, DKIM and DMARC; the spoofed organization's DMARC policy does not apply to it.

ATTACKERS ARE GROWING MORE SOPHISTICATED

Attackers are finding new ways to deceive security technology and the people who rely on it. Share of email fraud subject lines by category in Q3 2017:

28.75%  Payment
21.50%  Request
15.52%  Urgent
11.52%  Other
10.02%  Blank
 7.66%  Greeting
 2.46%  Where are you?
 1.26%  FYI
 0.48%  Document
 0.42%  Date
 0.18%  Confidential
 0.16%  Legal
 0.02%  Tax

Subject lines that included "request" rose 43% over the previous quarter, while subject lines with "urgent" fell by 21% in the same period. The change suggests that attackers are trying to appeal to a range of personality types rather than relying on urgency alone.

U.S. AGENCIES FALLING FAR SHORT OF FEDERAL MANDATES

100 of the 133 federal agencies identified by Binding Operational Directive 18-01 (the DHS directive requiring agencies to deploy DMARC) have no published DMARC policies.
1 in every 8 emails purporting to come from a federal agency domain is fraudulent.

HOW YOU CAN FIGHT BACK

You need a multi-layered defense that includes:

DMARC email authentication. Blocks impostor email that spoofs your own trusted domains. It only does so at an enforcing policy (p=quarantine or p=reject); a p=none record reports spoofing but does not stop it, and DMARC says nothing about domains you do not own.

Data loss prevention. Prevents sensitive information, such as W-2s, from leaving your environment.

Lookalike domain discovery. Identifies and flags potentially risky domains outside of your control.

Dynamic classification. Analyzes the content and context of the email and stops display-name and lookalike domain spoofing at the email gateway, the two impostor techniques that DMARC on your own domains cannot catch.
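The six lookalike techniques tabulated above (and the "lookalike domain discovery" layer under HOW YOU CAN FIGHT BACK) can be turned into a classifier that, given the legitimate domain and a candidate registration, names the technique used. The following is an added example written for this page, not Proofpoint code or the report's own method. The homoglyph table (0 for o, rn for m, and so on) is my assumption about which substitutions matter; it is what makes cornpany.com land in "additional character inserted" as the report labels it, since removing any single raw character from cornpany never yields company. Reading "exact match" as the same name under a different TLD is likewise an assumption, and the sample feed of candidate domains is constructed, not real registrations.

```python
"""Classify candidate domains by lookalike technique (added example)."""

# Assumed homoglyph table: sequences and characters that render like a
# different letter in common fonts. Not taken from the report.
MULTI_CHAR_HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d"}
SINGLE_CHAR_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})

# Constructed sample feed standing in for newly registered domains.
SAMPLE_FEED = ["c0mpany.com", "cornpany.com", "company.net", "com-pany.com",
               "compny.com", "company-secure.com", "unrelated.org", "company.com"]


def fold(label):
    """Collapse homoglyphs so visually equivalent labels compare equal."""
    for seq, letter in MULTI_CHAR_HOMOGLYPHS.items():
        label = label.replace(seq, letter)
    return label.translate(SINGLE_CHAR_HOMOGLYPHS)


def split_domain(domain):
    """Split 'company.com' into ('company', 'com'); assumes a one-label TLD."""
    label, _, tld = domain.lower().strip().rstrip(".").rpartition(".")
    return label, tld


def _single_deletion_index(longer, shorter):
    """Index i such that removing longer[i] yields shorter, else None."""
    for i in range(len(longer)):
        if longer[:i] + longer[i + 1:] == shorter:
            return i
    return None


def classify(legit, candidate):
    """Return (technique, homoglyph_used) for candidate against legit."""
    a, a_tld = split_domain(legit)
    b, b_tld = split_domain(candidate)
    if a == b and a_tld == b_tld:
        return "identical (not a lookalike)", False
    if b == a:
        return "exact match", False          # same name, other TLD (assumed reading)
    if b.replace("-", "") == a:
        return "exact match (hyphenated)", False
    homoglyph = fold(a) == fold(b)
    diff = len(b) - len(a)
    edge = "added or removed leading or trailing characters"
    if diff == 0 and sum(x != y for x, y in zip(a, b)) == 1:
        return "individual character swap", homoglyph
    if diff == 1:
        i = _single_deletion_index(b, a)
        if i is not None:
            return (edge if i in (0, len(b) - 1) else "additional character inserted"), homoglyph
    if diff == -1:
        i = _single_deletion_index(a, b)
        if i is not None:
            return (edge if i in (0, len(a) - 1) else "removed character"), homoglyph
    if b.startswith(a) or b.endswith(a) or a.startswith(b) or a.endswith(b):
        return edge, homoglyph
    if homoglyph:
        # e.g. "rn" standing in for "m": not one raw edit, but visually
        # identical. Bucket by length change, as the report does for cornpany.
        return ("individual character swap" if diff == 0 else
                "additional character inserted" if diff > 0 else
                "removed character"), True
    return "no single lookalike technique matched", False


def screen(legit, candidates):
    """Flag every candidate that matches a lookalike technique."""
    hits = []
    for domain in candidates:
        technique, homoglyph = classify(legit, domain)
        if technique not in ("identical (not a lookalike)",
                             "no single lookalike technique matched"):
            hits.append((domain, technique, homoglyph))
    return hits


if __name__ == "__main__":
    for hit in screen("company.com", SAMPLE_FEED):
        print(hit)
```

The homoglyph flag is the part worth keeping in a real discovery pipeline: a raw edit-distance check alone would score cornpany.com as two edits away and might discard it, while a human reader sees no difference at all.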
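The agency statistic above hinges on what "published DMARC policy" means, and the DMARC layer under HOW YOU CAN FIGHT BACK only blocks anything at an enforcing policy. The following added example (mine, not Proofpoint's, and not the method behind the report's numbers) evaluates DMARC TXT records the way a receiving mail server would under RFC 7489, separating "nothing published", "published but monitoring only", "partially enforcing" and "enforcing". BOD 18-01 required agencies to reach p=reject within a year, so that last distinction is the one to track. The records are constructed sample data keyed by hypothetical domain; no DNS lookups are made. A receiver's fallback to p=none when p is missing but rua is present is simplified here to "not usable".

```python
"""Assess published DMARC policies from sample TXT records (added example)."""

# Constructed stand-ins for the TXT records at _dmarc.<domain>. Hypothetical domains.
SAMPLE_TXT = {
    "agency-a.example": [],                                           # nothing published
    "agency-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@agency-b.example"],
    "agency-c.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@agency-c.example"],
    "agency-d.example": ["v=DMARC1; p=quarantine; pct=25"],           # partial enforcement
    "agency-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],   # two records
    "agency-f.example": ["v=spf1 -all"],                              # SPF, not DMARC
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if txt is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    # RFC 7489 section 6.4: "v=DMARC1" must be the first tag of the record.
    if next(iter(tags), None) != "v" or tags["v"].upper() != "DMARC1":
        return None
    return tags


def assess(domain, txt_records):
    """Classify one domain from the TXT records found at _dmarc.<domain>."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    result = {"domain": domain, "published": False, "policy": None, "enforcing": False}
    if not records:
        result["note"] = "no DMARC record published"
        return result
    if len(records) > 1:
        # RFC 7489 section 6.6.3: more than one record means receivers
        # perform no DMARC processing at all, so the domain is unprotected.
        result["note"] = "multiple DMARC records; receivers ignore them"
        return result
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        result["note"] = "missing or invalid p= tag; record treated as not usable"
        return result
    try:
        pct = int(tags.get("pct", "100"))   # RFC 7489 default is 100
    except ValueError:
        pct = 100                            # unparsable pct treated as default here (assumption)
    result.update(published=True, policy=policy,
                  enforcing=policy in ("quarantine", "reject") and pct == 100)
    if policy == "none":
        result["note"] = "monitoring only: spoofed mail is reported, not blocked"
    elif pct < 100:
        result["note"] = f"only {pct}% of failing mail gets the {policy} action"
    else:
        result["note"] = "enforcing"
    return result


def summarize(txt_map):
    """Count domains with any published policy and with an enforcing one."""
    results = [assess(d, r) for d, r in txt_map.items()]
    return {
        "total": len(results),
        "published": sum(r["published"] for r in results),
        "enforcing": sum(r["enforcing"] for r in results),
    }


if __name__ == "__main__":
    for domain, records in SAMPLE_TXT.items():
        print(assess(domain, records))
    print(summarize(SAMPLE_TXT))
```

On the sample data, three of six domains have published a policy but only one is enforcing; the duplicate-record and pct=25 cases are the ones that look protected in a naive "is there a _dmarc record" check and are not.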