Phish of the Week: How Did Phish Fare in 2020?

A Year and Millions of Phish Later

It’s been a challenging year. We’ve all had to shift the way we live, do business and protect our organizations from cyber attacks. Recent events like the SolarWinds and FireEye breaches remind us all that we are in an asymmetric fight that never ends.

As the year winds down, we consider ourselves fortunate to have played a meaningful role in helping to protect organizations large and small from motivated threat actors. The list runs long, but here are some of the most notable attack trends we saw in 2020:

    • COVID-19-themed attacks, not surprisingly, are at the top of the list. Taking advantage of fears surrounding the pandemic, hackers barely had to be creative to lure victims. To date, we’ve seen and intercepted 5.4 million pandemic-based phishing attacks.
    • The shift to cloud email leaves businesses deciding between depending on cloud-suite native security capabilities or layering their email with legacy solutions. Unfortunately, neither option fared well in 2020. Our service blocked 7.2 million phishing attacks that targeted organizations using Microsoft Office 365 as their cloud email provider.
    • And finally, a 2020 theme worth noting is email authentication. Companies often consider DMARC, SPF and DKIM as a means to secure email against phishing threats. While an important tool, email authentication does not hold up against sophisticated phish – as evidenced by our service stopping 23 million phish that bypassed DMARC, SPF and DKIM.

Trouble Trusting Your Suppliers’ Security? We Don’t Blame You

Another trend that increasingly threatened organizations in 2020: supply chain-based attacks. Digital supply chains represent a significant security risk to any organization – a risk made frighteningly clear by the recent FireEye and SolarWinds breaches.

Attackers often successfully compromise a supplier, partner or vendor to initiate their attack against other organizations. And as our Chief Security Officer Blake Darche says, “Attackers are increasingly breaching victims through side windows, instead of breaking down front doors.”

We see this trend only increasing. In our own service we’ve stopped upwards of a quarter billion dollars in supply chain-related fraudulent invoicing this year.

If you don’t yet have a strategy for stopping the 7 types of supply chain phishing attacks, download this complimentary white paper now. (7 min)

Old Phish, New Tricks

Why are hackers sticking to the COVID-19 theme? Well, because it works. In a campaign “sequel” to an infamous Microsoft SharePoint spoof, this new version lures its upper-level management targets with urgent info about COVID-19 restrictions. Area 1’s security research team uncovered this new wave of phish and detailed it all in this new blog (3 min).

What Your SOC Team Wants in 2021

Is your security team burdened with incident response from an increase in phishing attacks and security-aware employees? Read this new data sheet (2 min) to learn how post-delivery inbox protection and M-SOAR (email security orchestration and response) can reduce your SOC’s incident triage time by 90 percent.


Shalabh
