Emerging threats that evade traditional defenses, credential theft, and business email compromise payment scams are on the rise 


IRONSCALES, the leading enterprise cloud email security platform protecting more than 10,000 global enterprises, today released its inaugural IRONSCALES Threat Index

ironscales-threat-index-thumbnails The IRONSCALES Threat Index: Q4'22/Q1'23 Edition, based on proprietary data analysis of millions of customer emails, highlights the evolving landscape of phishing and business email compromise (BEC) trends. From the dominance of unknown threats to the rise of credential theft and BEC scams, these findings shed light on the pressing cybersecurity challenges faced by organizations today. The IRONSCALES Threat Index encompasses email data across all of IRONSCALES Microsoft 365 and Google Workspace protected customers from October 2022 through March 2023. 

Key findings are summarized below:

  • Unknown Threats Continue To Dominate & Evade: In the six-month period, IRONSCALES saw nearly eight million phishing messages slip past traditional email defenses including Secure Email Gateways (SEGs). The majority (88%) of those messages were "unknown" threats, such as advanced phishing attacks that use social engineering tactics to create a false sense of trust and urgency to get the victim to act fast. These types of threats are particularly dangerous because they are highly targeted, have not been previously identified, and can evade traditional security measures. They can, however, be detected through a combination of AI and machine learning technologies and human insights – both of which are better equipped to identify anomalous behavior and threats.
  • Credential Theft Remains Top Concern for Financial Services & Others: Overall, known phishing attempts had a mild bump from the previous six months time period, increasing by just over 2%. However, credential theft in particular saw a steady incline. Nearly three-quarters (72%) of all known attempts were credential theft scams, representing a 10.5% increase from the previous six months. VIP impersonation also increased slightly. The top three industries impacted the most by known phishing attempts were financial services, industrials (manufacturing, construction, etc.), and computer hardware or software. 
  • Business Email Compromise Rises 35% Over Six-Month Period: Overall, business email compromise (BEC) scams increased by 35% from the previous six months. The total number of BEC attempts accounted for nearly one-tenth (8.8%) of all phishing scams. Notably, fake invoices involving a payment inquiry or wire-transfer request, accounted for nearly 70% of all BEC attempts, up from 57% the previous year. 

“Our inaugural IRONSCALES Threat Index reveals that the threat landscape continues to evolve and unknown threats are dominating and evading traditional email defenses. Only advanced artificial intelligence technologies combined with the power of human insights (HI) can detect these emerging threats,” said Eyal Benishti, co-founder and CEO, IRONSCALES. “With credential theft remaining a top concern for industries like financial services, and business email compromise scams increasing drastically in just six months, it's clear that organizations need to stay vigilant and leverage cutting-edge solutions, along with human insights to protect against these evolving threats.”

IRONSCALES is at the forefront of defending against sophisticated phishing and BEC attacks. As the only solution that leverages the power of AI and human insight, IRONSCALES equips enterprises worldwide with comprehensive tools to bolster their security posture against the constantly evolving threat landscape, from the known to the unknown.

Click to download an infographic of the IRONSCALES Threat Index: Q4’22/Q1’23 Edition, including a full list of how IRONSCALES defines various types of phishing and business email compromise. 

IRONSCALES is the leading cloud email security platform for the enterprise that uses machine learning and AI to stop advanced phishing attacks that bypass traditional security solutions. Its award-winning self-learning platform continuously detects and remediates advanced threats like Business Email Compromise (BEC), credential harvesting, Account Takeover (ATO), and more. As the most powerfully simple email security platform, IRONSCALES helps enterprises reduce risk, boost security team efficiency, and build a culture of cybersecurity awareness. IRONSCALES is headquartered in Atlanta, Georgia, and is proud to support more than 10,000 customers globally. Visit http://www.ironscales.com or @IRONSCALES to learn more.


Post by Jenna Knoblauch
May 8, 2023