Phishing attacks targeting organizations in the US and Europe are twice as high

As Abnormal Security discovered, phishing continues to be one of the most popular ways for hacking groups to break into systems.

In its latest report Email security threats in Europe: insight into attack trends, The email security provider observed that between April 2023 and April 2024, the number of phishing attacks against organizations in Europe increased by 112.4%.

In the US, they increased by 91.5% in the same period.

“Although phishing ranks in the bottom third of all attack types tracked by the Internet Crime Complaint Center (IC3) (FBI) in terms of total losses, it is often only the first step in a variety of crimes and is often used more as a way to get foothold than achieving the final goal,” the report explains.

If a credential phishing attack is successful, it can provide threat actors with access to usernames and passwords that can be used to compromise other accounts and conduct additional, more damaging attacks.

Phishing emails can also be a mechanism for spreading malware that allows cybercriminals to steal data or demand ransom, disrupt operations, and conduct espionage.

Increase in BEC and VEC

Abnormal also discovered that business email breaches (BEC) are on the rise.

The number of BEC attacks targeting US companies increased by 72.2% year-over-year, while the number of BEC attacks targeting European companies increased by 123.8%.

This includes a sharp increase in vendor email compromises (VEC), a subset of BEC that involves impersonating vendors to deceive recipients into paying false invoices, initiating fraudulent wire transfers, or updating bank details for future transactions.