Why spoof an email address for phishing messages when you can hijack an account and send them from the real one? That’s the theory behind account takeover (ATO) attacks, and it’s one being put into practice in a growing number of criminal cases.
According to a new report from Barracuda, which draws on a study that looked at 50 randomly selected organizations, nearly 40% of respondents reported at least one ATO attack in the second quarter of 2018.
How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
“On average, when a company got compromised, the compromise resulted in at least 3 separate account takeover incidents,” according to the report. Of the incidents, 78% resulted in phishing email being sent.
The report’s authors noted that their results could have underreported the actual incidence of ATO attacks since they relied on incidents reported by companies. Many organizations either aren’t aware that they’ve been the victim of such an attack or are reluctant to admit to having been victimized.
Read more: Dark Reading