5 Types of Email Phishing and Threats (BEC/EAC)

As one of the most financially damaging online crimes, BEC (Business Email Compromise) or EAC (Email Account Compromise) can account for the most damages among internet crimes, according to the FBI’s IC3. Around 93% of email breaches were caused by phishing attacks, and Penta Security is here to guide you and help provide a security solution to protect against these attacks. Let’s start with the definition of phishing.

 

What is Phishing? 

Phishing is a fraudulent attempt to gain sensitive information, data, or access via email, text messages, or phone. Attackers usually disguise themselves as legitimate users and lure individuals or businesses into providing the information. In this blog, we’re going to take a look at some of the most common but dangerous phishing threats.

 

5 Types of Phishing Threats 

 

1. Credential Cracking & Account Takeover (ATO) or Account Compromise

According to our previous blog, credential cracking, commonly known as a brute force attack, is when attackers deploy bots to try tremendous amounts of username-password combinations in an effort to break into user accounts. Many of these attacks target online shopping platforms, as they tend to contain detailed customer information. Account takeover fraud occurs when attackers gain access to users’ accounts and change critical information such as login credentials or financial information, and use the accounts without the real users’ authorization.
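A defender can spot the pattern described above, a burst of failed logins from one source followed by a success, in authentication logs. The following is an added example, not code from Penta Security or its products; the log format, the thresholds, and the names `detect`, `WINDOW` and `MAX_FAILS` are assumptions made for illustration, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed format: ISO time, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice FAIL
2024-05-01T10:00:02 203.0.113.7 bob FAIL
2024-05-01T10:00:03 203.0.113.7 carol FAIL
2024-05-01T10:00:04 203.0.113.7 dave FAIL
2024-05-01T10:00:05 203.0.113.7 erin FAIL
2024-05-01T10:00:06 203.0.113.7 erin OK
2024-05-01T10:03:00 198.51.100.20 frank FAIL
2024-05-01T10:03:30 198.51.100.20 frank OK
2024-05-01T11:30:00 203.0.113.7 alice FAIL
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_FAILS = 5                  # assumed failure threshold per source within the window


def detect(log_text, window=WINDOW, max_fails=MAX_FAILS):
    """Return (cracking_sources, takeover_suspects) found in auth log text."""
    recent_fails = defaultdict(deque)  # ip -> (time, user) failures still in the window
    cracking = {}                      # ip -> usernames tried during a flagged burst
    takeovers = []                     # (ip, user, time) successes during a burst
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                   # skip malformed lines instead of crashing
        ts, ip, user, result = parts
        when = datetime.fromisoformat(ts)
        fails = recent_fails[ip]
        while fails and when - fails[0][0] > window:
            fails.popleft()            # expire failures that have left the window
        if result == "FAIL":
            fails.append((when, user))
            if len(fails) >= max_fails:
                cracking.setdefault(ip, set()).update(u for _, u in fails)
        elif result == "OK" and len(fails) >= max_fails:
            # Success from a source that is mid-burst: possible account takeover.
            takeovers.append((ip, user, ts))
    return cracking, takeovers


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A single mistyped password followed by a success (the `frank` lines) is not flagged; only a success that lands while the source is over the failure threshold is reported for follow-up.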

 

2. Lateral Phishing

Lateral phishing attacks occur when attackers take over any account inside your organization and act like they own the account. This can be very dangerous as they will use it to send other phishing emails within the same domain, as well as contacts outside the organization. This phishing attack is usually used for credential information theft rather than other purposes. 

 

3. Conversation Hijacking 

According to a new report released by Barracuda Networks, there has been a significant increase in email conversation hijackings. From July to November 2019, Barracuda found that conversation hijacking increased by over 400 percent. The attackers usually use email-domain impersonation and pretend that the phishing emails were sent from within the organization in order to achieve their financial goals.

 

4. Blackmail 

Known as extortion (or sextortion), attackers usually take advantage of the stolen data (login credentials, financial information, etc.) and contact the victims asking for money, claiming that they have compromising videos or photos of the victims. According to the FBI, the cost of extortion attacks, which includes blackmail, was more than $107 million in 2019. 

 

5. Brand Impersonation 

Brand hijacking, one of the most common brand impersonations, occurs when attackers use renowned companies’ email domains and impersonate one of the employees from the organization. The attackers lure victims into responding and disclosing personal or otherwise sensitive information by hijacking or impersonating brands and companies.

In order to prevent email phishing attacks, it’s important to protect your organization’s accounts with a multi-factor authentication solution. This gives users support for factors including one-time passwords, digital certification, and biometrics, and effectively protects corporate accounts from unauthorized access.

Penta Security’s ISign+ is certified as an encryption module by the Korean National Intelligence Service and provides security as well as Single Sign-On features. With its all-in-one appliance and easy, fast installation process, your organization can save the management time and costs caused by increased users and business systems, and strengthen security by preventing duplicate logins through diversified access channels such as PC, mobile device, and tablet.

Interested in deploying our solution? Contact us for more information.