Email security threats have evolved significantly, with attackers now leveraging trusted relationships to infiltrate organizations. This shift away from exploiting technical vulnerabilities towards targeting behavioral patterns poses new challenges for cybersecurity.
Understanding the Shift in Email Attack Strategies
Recent analysis of 800,000 email attacks across 4,600 organizations reveals a strategic pivot by cybercriminals. Instead of focusing on technical flaws, attackers are now exploiting organizational and behavioral weaknesses. This trend highlights the importance of scrutinizing trusted relationships and routine workflows within companies.
The primary methods of email attacks include phishing, business email compromise (BEC), and vendor email compromise (VEC). Phishing remains the most common, comprising 58% of attacks, with BEC and VEC following. Abnormal AI’s 2026 Attack Landscape Report details these findings, emphasizing the tailored tactics used by attackers.
Phishing Tactics and Their Targets
Phishing tactics vary based on the target’s industry and role. For instance, file-sharing lures are prevalent in sectors where document exchange is frequent. Additionally, attackers mimic brand identities to exploit the software environments of specific targets. These tactics allow attackers to seamlessly integrate malicious activities into everyday workflows.
One notable strategy, used in over 20% of phishing attacks, is the redirect chain, which hides the final malicious webpage behind one or more intermediate links. Link shorteners like tinyurl and t.co are also employed, complicating the detection process for security teams.
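As an added illustration (not taken from the Abnormal AI report), the following sketch shows how a mail-filtering step could statically flag the two patterns described above: shortener hosts, and links that carry another URL on a different host inside a query parameter. The sample message, the `.example` hosts and the function names are all constructed for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit, parse_qsl

SHORTENERS = {"tinyurl.com", "t.co"}  # the two named in the article; extend as needed
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample message; every address and URL below is made up.
SAMPLE = """From: billing@vendor.example
To: ap@corp.example
Subject: Shared document

Invoice: https://tinyurl.com/abc123x
Portal: https://files.example/open?u=https%3A%2F%2Fhop.example%2Fgo%3Fnext%3Dhttps%253A%252F%252Flogin.example%252Fsignin
Docs: https://intranet.corp.example/wiki/page?id=7
"""

def host_of(url):
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

def embedded_urls(url, max_depth=5):
    """URLs carried in query parameters, outermost first (one per redirect hop)."""
    found = []
    if max_depth == 0:
        return found
    for _, value in parse_qsl(urlsplit(url).query):  # parse_qsl percent-decodes once
        if value.lower().startswith(("http://", "https://")):
            found.append(value)
            found.extend(embedded_urls(value, max_depth - 1))
    return found

def analyze_links(raw_email):
    """Return one finding per link that uses a shortener or a cross-host redirect parameter."""
    body = message_from_string(raw_email).get_payload()  # assumes a single-part text body
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")
        hosts = [host_of(url)] + [host_of(u) for u in embedded_urls(url)]
        reasons = []
        if hosts[0] in SHORTENERS:
            reasons.append("shortener")
        if len(set(hosts)) > 1:
            reasons.append("redirect-chain")
        if reasons:
            findings.append({"url": url, "hosts": hosts, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in analyze_links(SAMPLE):
        print(f["reasons"], " -> ".join(f["hosts"]))
```

Static inspection only sees hops encoded in the link itself; a shortener or a server-side HTTP redirect reveals its destination only when the link is resolved, which belongs in an isolated URL-analysis sandbox.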
BEC and VEC: More Craftsmanship, Greater Impact
While less frequent than phishing, BEC and VEC attacks demand more sophisticated techniques and often result in greater impact. BEC typically targets employees within an organization, utilizing tactics like VIP impersonation and lateral attacks. Interestingly, the size of the organization influences the method used, with smaller companies facing more VIP impersonations.
VEC, a subtype of BEC, has become more prevalent, especially in North America and EMEA. These attacks exploit routine vendor-customer communications, making them difficult to detect. Invoice fraud and procurement-stage pretexts are common tactics, tailored to regional business practices.
Abnormal AI’s analysis underscores the evolution of email attacks from poorly crafted scams to highly targeted campaigns. While the role of AI in these attacks is uncertain, defensive AI offers promising solutions. By analyzing identity, context, and behavior, AI can establish baselines and detect anomalies, flagging potential threats before they become serious breaches.
In conclusion, as attackers refine their strategies, organizations must adapt by leveraging advanced technologies and fostering a culture of vigilance. Understanding these evolving threats and implementing proactive defenses are essential steps in safeguarding against this new wave of email security challenges.
