---
title: "Phishing Remains the Top Email Threat and Emerging Email Attack Trends by the Latest Abnormal Security Report | Phish Protection"
description: "Abnormal Security has released the H2 Email Security Threat report highlighting the top email security threats in the first six months of 2022."
image: "https://phishprotection.com/og/blog/phishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report.png"
canonical: "https://phishprotection.com/blog/phishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report/"
---

Quick Answer

Abnormal Security has released the \*\*H2 Email Security Threat report\*\* highlighting the top \[email security\](/resources/practices-for-email-security-learning-implementing-protecting) threats in the first six months of 2022\. This article shares key statistics, discovered trends, and revelations of the report.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Phishing%20Remains%20the%20Top%20Email%20Threat%20and%20Emerging%20Email%20Attack%20Trends%20by%20the%20Latest%20Abnormal%20Security%20Report&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report%2F&title=Phishing%20Remains%20the%20Top%20Email%20Threat%20and%20Emerging%20Email%20Attack%20Trends%20by%20the%20Latest%20Abnormal%20Security%20Report "Share on Reddit") [ ](mailto:?subject=Phishing%20Remains%20the%20Top%20Email%20Threat%20and%20Emerging%20Email%20Attack%20Trends%20by%20the%20Latest%20Abnormal%20Security%20Report&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fphishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/08/Key-Phishing-And-BEC-Statistics.jpg) 

Abnormal Security has released the **H2 Email Security Threat report** highlighting the top [email security](/resources/practices-for-email-security-learning-implementing-protecting) threats in the first six months of 2022\. This article shares key statistics, discovered trends, and revelations of the report.

[Phishing](/resources/what-is-phishing) is undoubtedly the **most significant** cybercrime today, a fact that has been proved once again by Abnormal Security’s latest Email Threat Report.

With a 48% increase in email attacks in the first two quarters of 2022 and 68.5% of these including **phishing links**, threat artists are continuously exploring phishing campaigns, with a chief focus on [brand impersonation](https://www.thesslstore.com/blog/what-is-brand-impersonation-a-look-at-mass-brand-impersonation-attacks/), with over 265 brands being impersonated for phishing. 

Let us look at the statistics, the most evolving email threats, and the principal findings of the report.

### Key Statistics of H2 Email Threat Report 2022

These are the critical findings of Abnormal Security’s Email Threat Report that will help paint a **vivid picture** of the current email attack scenario.

[BEC (Business Email Compromise)](https://www.microsoft.com/en-us/security/business/security-101/what-is-business-email-compromise-bec) attacks increased by 60% in the past 12 months.

There is an 89% probability of financial **supply chain compromise attacks** being received by enterprises, and that too per week.

Credential phishing attacks are becoming more popular, with 32% involving social network impersonation. 

Microsoft, e-commerce, and shipping account for 70% of impersonation in over 265 brands that were impersonated by threat actors in Q1 and Q2 2022.

![Key Phishing And BEC Statistics](https://media.mailhop.org/phishprotection/images/2022/08/Key-Phishing-And-BEC-Statistics.jpg) 

### Threat Actors Shift Attention to Emails Once Again

> “Zero-day phishing URLs have an average lifespan of just 12 hours before they’re added to blocklists. During that window, traditional signature-based filters are blind. Our real-time behavioral analysis catches these threats by pattern, not by signature - which is how we detect attacks that no database has seen yet.” - **Adam Lundrigan**, CTO, DuoCircle

Emails serve as the **primary method** of communication in the corporate world. Be it businesses, service providers, clientele, education, or healthcare; emails have their presence. The latest report has indicated that [threat actors](/phishing/threat-actors-target-western-digital-cripple-its-my-cloud-service) have begun targeting emails due to consistent invasion **success rates** and the involvement of **low costs** in compromising emails.

During the first six months of 2022, [email attacks](https://www.bleepingcomputer.com/news/security/new-qbot-email-attacks-use-pdf-and-wsf-combo-to-install-malware/) have surged by 48%, averaging 85.1 attacks per 1000 mailboxes. The all-time high for average email attacks is slightly over 100 per 1000 mailboxes in the month of May 2022\. As per the findings, email attacks subsided during the **holiday seasons** as employees engaging in malicious emails significantly reduced.

A similar break is observed in the **month of December**. But the volume of email attacks increased with the new year and was 170% higher than in 2021\. Phishing has been the most common cybercrime of the past 3 years, according to the FBI’s IC3 (Internet Crime Complaint)[reports](https://www.fbi.gov/news/press-releases/press-releases/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics), a trend that continues, as evident below.

As shown, 68.47% of email attacks involve phishing, followed by scams at 8.35%, [malware](/content/protection-against-malware/types-of-malware) at 7.01%, BEC, extortion, and others.

![Zero day attack prevention](https://media.mailhop.org/phishprotection/images/2022/08/zero-day-attack-prevention-8568.jpg) 

### Brand Impersonation remains the Top Choice for Credential Phishers

[Credential phishing](https://www.indusface.com/blog/what-is-credential-phishing/) is a severe threat to organizations as cybercriminals can deploy countless costlier attacks once they gain entry to the organizational network using **employee credentials**.

According to the report, threat actors impersonate major brands worldwide to trick employees. These attacks create a **sense of haste** via emails of pending invoices , locking of accounts or compromised accounts, subscriptions, and more. Due to the risk of strict action or losing access, employees make missteps and end up losing credentials.

The average employee of any large organization manages[25 passwords](https://www.lastpass.com/state-of-the-password/global-password-security-report-2019), increasing to[85](https://www.lastpass.com/state-of-the-password/global-password-security-report-2019)for employees of smaller enterprises. _With employees **reusing passwords** an average of_\_[13 times](https://www.lastpass.com/state-of-the-password/global-password-security-report-2019), it becomes easy for cybercriminals to compromise multiple accounts at once.

After analyzing over 425,000 credential phishing attacks, the report revealed that **LinkedIn is the most impersonated** social platform. Most credential phishing attacks mimic social networks, followed by Microsoft, shipping, e-commerce, financial services, business, InfoSec, email service providers, file hosting services, telecoms, and streaming services. Here is an example of a Microsoft [phishing email](/content/protection-from-phishing/how-to-stop-phishing-emails).

Microsoft and its services are impersonated in 20% of all phishing incidents, with the attackers using the emails of [compromised accounts](https://www.cpomagazine.com/cyber-security/hackers-accessed-91-of-compromised-accounts-within-a-week-and-used-them-to-send-bulk-credential-phishing-messages/) to carry out **mass phishing** campaigns by utilizing genuine employee accounts, causing all kinds of havoc by hijacking conversations, redirecting payments, and requesting new funds.

_Furthermore, the number of brands impersonated comprised over 60 brands in **financial services**, followed by 45 in e-commerce and 38 in business management._

Threat actors usually impersonate the brands that carry better [ROIs (Return on Investment)](https://www.businessnewsdaily.com/4659-what-is-roi.html).

For example, American Express, Paypal, and Wells Fargo were imitated more than other financial services. The report reveals that the most targeted sectors are **educational institutions** and religious organizations, suffering nearly 36% of all attacks.

Other top targets include retail/consumer goods and manufacturing, followed by professional services, finance, and insurance.

### Surge in Business Email Compromise Attacks

BEC attacks are expanding as you **cannot recognize** them using the traditional [IOCs (Indicators of Compromise)](https://www.fortinet.com/resources/cyberglossary/indicators-of-compromise), and they generate significant ROIs for malicious artists. The report reveals that BEC attacks have risen from an average of 0.671 to 1.07 per 1000 mailboxes, growing 60% in the first 6 months of 2022, reaching their highest standard of 1.68 in May.

_BEC attacks dipped near Memorial Day and ricocheted in the middle of June 2022._ Another interesting thing is that smaller enterprises obtain more attacks at **1.65 per 1000 mailboxes** each week than their larger counterparts, i.e., organizations with over 50,000 employees who received only 0.45 [BEC attacks](https://www.bleepingcomputer.com/news/security/fbi-warns-that-bec-attacks-now-also-target-food-shipments/) per 1000 mailboxes per week.

The report shares how advertising and marketing agencies are at the **highest risk** of BEC attacks, followed by agriculture/mining/chemicals and educational institutions/religious organizations. You can see all affected industries below.

### Financial Supply Chain Compromise is the Most Evolving Email Threat of 2022

[CEO frauds](/phishing-awareness/ceo-fraud-scammers-impersonating-executives-protect) have not been thriving, as per the new data. Threat actors have shifted their attention to impersonating third parties instead of the **C-suite**, giving rise to the financial supply chain compromise.

As observed in BEC, financial supply chain compromise includes impersonating a trusted **third party** to gain entry instead of internal executives or employees.

Threat actors impersonate **known vendors** to request organizations to pay invoices, update billing details, or complete existing wire transfers. These attacks are successful as any organization works with a ton of vendors or [third parties](https://www.scmagazine.com/research-article/third-party-risk/security-pros-say-third-parties-are-increasingly-the-cause-of-cybersecurity-incidents) and often ends up getting scammed due to these attacks.

[Financial supply chain compromise](https://www.armorblox.com/blog/understanding-financial-supply-chain-compromise/) is the **fastest** growing threat of 2021 and 2022, with 1 in every 5 Abnormal customers getting targeted by these attacks in Q1 and Q2 of 2022.

Furthermore, larger enterprises with over 50,000 mailboxes are more likely to be victims of financial supply chain attacks with **an attack every week** of the year, as opposed to organizations with 10,000 or more mailboxes that only receive these three times in four weeks. Here is a look at the **probability** of any organization receiving a financial supply chain attack.

As you can see, the probability of these attacks is **directly proportional** to the number of mailboxes.

![Zero day attack prevention](https://media.mailhop.org/phishprotection/images/2022/08/zero-day-attack-prevention-8567.jpg) 

\*\* \*\*

### Final Words: How to Stop These Advanced Email Threats?

[Cybercrime](/phishing/cybercrimes-latest-matanbuchus-employed-phishing-campaign-infect-devices-cobalt-strike) is easy as it takes place behind the digital world and, as such, will continue to grow in complexity and attack surface as technologies and strategies emerge.

Employees are the **most targeted** in any organization, even though threat actors tend to shift their focus from one place to another, as evident by impersonation scams involving brands, C-suites, vendors, employees, and other parties. [Security awareness training](/content/phishing-awareness-training/security-awareness-training) is an effective tool in your arsenal against email cybercrime, but what’s better is stopping these attacks from ever reaching your workforce.

Organizations can easily identify, evaluate, and block email threats with **advanced AI-based tools** and adequate [phishing protection](/) solutions. The right technologies implemented the right way can empower any enterprise and significantly diminish cyberattacks, protecting them from advanced email attacks such as phishing, BEC, and supply chain compromise.

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Phishing Remains the Top Email Threat and Emerging Email Attack Trends by the Latest Abnormal Security Report","description":"Abnormal Security has released the H2 Email Security Threat report highlighting the top email security threats in the first six months of 2022.","url":"https://phishprotection.com/blog/phishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report/","datePublished":"2022-08-22T09:34:54.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-08-22T09:34:54.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/phishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report/"},"articleSection":"foundational","keywords":"Phishing","wordCount":1286,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/08/Key-Phishing-And-BEC-Statistics.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Phishing Remains the Top Email Threat and Emerging Email Attack Trends by the Latest Abnormal Security Report","item":"https://phishprotection.com/blog/phishing-remains-top-email-threat-emerging-email-attack-trends-latest-abnormal-security-report/"}]}
```