Fraudsters find more success with getting phishing campaigns delivered as well as with open and click rates when sending from an existing, known and trusted email address. This may be why a recent report found that 20 percent of phishing email attacks against employees are sent from email addresses a fraudster has taken over. Most phishing attacks, however, are brand impersonation attacks, with Microsoft being the most impersonated.
For their Email Fraud & Identity Deception Trends report, Agari surveyed more than 300 US and UK businesses with 23,053 reported phishing incidents in the fourth quarter of 2018. Analysis found that 20 percent of these phishing emails came from compromised email accounts, while 67 percent impersonated a trusted brand with deception or a look-a-like domain.