GreatHorn’s 2017 Spear Phishing Report Shows that 91 Percent of Phishing Attacks are Display Name Spoofs

New Research Provides a Window into the Cybercriminal Playbook and Highlights their Favorite Tactics

BELMONT, Mass.--()--GreatHorn, the cybersecurity solution for cloud communication platforms, today announced the findings of its annual 2017 Global Spear Phishing Report. The company captured insights into the cybersecurity threats facing today’s enterprises by analyzing more than 56 million emails from 91,500 corporate mailboxes from March to November 2016. The report demonstrates the defensive measures many organizations must adopt to protect themselves in the face of highly-targeted, message-based threats.

The data found that display name spoofs are the clear phishing weapon of choice for cybercriminals. Attackers are increasingly relying on highly targeted, non-payload attacks that exploit trust and leverage pressure tactics to trick users into taking action that will put their organizations at risk. Of the more than 537,000 phishing threats GreatHorn detected in its research, 91 percent (490,557) contained characteristics of display name spoofs. Display name spoofs impersonate a person familiar to a business user in order to fool the recipient into thinking that the message came from a trusted source. It’s an extremely effective tactic against a workforce deluged with incoming communications all day, every day. Direct spoofs were the second most popular attack type (8 percent), and domain lookalikes made up less than 1 percent of phishing attacks.

“Stopping spear phishing attacks isn’t as simple as pushing a button; the sheer volume of these attacks, coupled with the size of the attacks surface and security resource constraints, makes it impossible to mitigate risk solely via human intervention, no matter how much you try to train your end users,” said GreatHorn Co-Founder and CEO Kevin O’Brien. “A true defense-in-depth strategy for protecting against these attacks requires unified visibility and control, coupled with risk-appropriate automation, across an organization’s entire communications infrastructure.”

Key findings from the research include:

Enterprises Reluctant to Leverage Automation

  • Data shows that security and IT professionals are often indecisive in how they handle a phishing attempt that has been flagged, as 41 percent take no action and only 33 percent alert an admin.
  • Of those organizations that did act on a flagged communication, 7 percent moved it to a folder, 6 percent added a label (G Suite) or category (Office 365), 2 percent moved to trash and 1 percent quarantined the message.

Email Authentication Frameworks Are an Essential Component of Email Security – But Rarely Fully Used

  • 80 percent of companies had minor authenticity issues, 10 percent had major authenticity issues and 15 percent had no email authentication at all. These last two statistics are troubling because, when combined with a robust data set that spans hundreds of millions of senders and messages, authenticity can be used as a major component of risk identification.
  • Sender Policy Frameworks (SPF) are the most popular as 75 percent of enterprises have it enabled.
  • DKIM (DomainKey Identified Mail) provides cryptographic proof that a messages was sent from a specific sender but is used by a little over half of respondents (53 percent).
  • Finally, DMARC (Domain-based Message Authentication) check for alignment between the apparent sender of a message and its SPF and DKIM headers. Because of its added complexity, it’s only enabled in 21 percent of the enterprises that were analyzed. However, the value of correctly implementing it is clear, as the dataset shows that organizations with correct and complete authentication records receive less than a quarter (23%) of the threats that those without received.

Cybercriminals are a Persistent, Ever-Present Threat

  • GreatHorn found that roughly 1 percent of all emails to business users contained email that contained specific characteristics that were deemed “risky” - a figure may seem low until the volume of emails that workers send and receive is taken into consideration. The Radicati Group’s Email Statistics Report, 2015-2019 shows that the average worker received 122 business emails per day in 2015, and this number is expected to grow through 2019. This means that the average business user faces at least one risky email per day, and it’s safe to assume that executives receive exponentially more attention.

For more information on GreatHorn’s 2017 Spear Phishing Report, please click here.

About GreatHorn

GreatHorn is the cybersecurity solution for cloud communication platforms. The company’s flagship product is the only solution that can automatically detect and remediate targeted social engineering attacks in today’s leading communication systems including Google Apps, Office 365 and Slack. With its proprietary dataset built from hundreds of millions of uniquely analyzed threats, GreatHorn combines the intelligence, fidelity, and precision necessary to prevent attacks from becoming breaches. For more information on the company, visit or you can follow GreatHorn on LinkedIn, Twitter and Facebook.


For GreatHorn
Tim Morin, 617-986-5015

Release Summary

GreatHorn’s annual 2017 Global Spear Phishing Report found that 91% of phishing attacks use display name spoofs.


For GreatHorn
Tim Morin, 617-986-5015