A recently published analysis from security analysts at Abnormal Security warns cybercriminals prefer email as the most direct route to compromising cybersecurity, according to Forbes.
Abnormal Security analysts examined real-world examples of email-based attacks used in 2024 and determined the following threat types as cyberattack strategies for which you must prepare.
- File-sharing phishing attacks. This email threat involves a cybercriminal using legitimate file-hosting or e-signature solutions—such as Dropbox or Docusign—to deceive the victim. These types of email attacks reportedly increased 350% between June 2023 and June 2024. Cybercriminals create malicious messages that are not a link in an email but rather a document hosted on a file-hosting platform.
- Multichannel phishing. An evolution of phishing tactics, multichannel phishing leverages multiple communication platforms to more effectively manipulate victims. Cybercriminals initiate contact through email but then move the conversation to channels such as text messages, phone calls or third-party messaging apps.
- Business email compromise attacks. These attacks involve cybercriminals impersonating trusted colleagues or authority figures to trick recipients into sharing sensitive information or completing fake financial requests. The report warned artificial intelligence helps this type of attack evolve: “By analyzing vast volumes of data from social media, online activity and past interactions, AI-powered platforms can generate hyper-personalized messages that convincingly mimic the writing style of the impersonated individual.”
- Email account takeover. The report said this could be the most dangerous email threat. It can be initiated using methods such as phishing, social engineering, password stuffing or session hijacking via authentication token theft or forgery. These attacks allow cybercriminals to “weaponize an account’s existing reputation, making malicious activities more difficult to detect.”
The Abnormal Security analysis said in 2025, financially motivated email attacks will rise significantly as AI technologies enhance the scale and sophistication of such attacks, posing challenges for businesses. Analysts also say misusing application programming interfaces—a set of rules or protocols that allows software applications to communicate with each other—will help automate a broad variety of malicious activities.
Learn how your company can be more cyber resilient and check out NRCA’s Cyber Liability Insurance Program.
