Cyber Threats
FBI Warns of COVID Phishing Plus Email Examples
Trend Micro Cloud App Security 2020 detection results and customer examples.
Research overview
- Protecting against fraud emails in the COVID-19 era – Trend Micro Cloud App Security 2020 detection results and customer examples (Joyce Huang)
- What high-risk threats were missed by cloud email services’ built-in security – Trend Micro Cloud App Security 2020 detection results and customer examples (Joyce Huang)
In the midst of the COVID-19 pandemics, millions of people are now working from home around the globe. Email has become more imperative as a tool to communicate with peers and clients remotely. Unfortunately, malicious hackers are evolving, too. In March, 2020, the FBI saw an uptick on pandemic-related scams and warned the public to be cautious of both fake Centers of Disease Control and Prevention (CDC) emails and phishing emails. In December, 2020, it warned of COVID-19 vaccine scams trying to convince people to share personal information and pay out of pocket to obtain the vaccine.
Cloud-based email services all have built-in threat protection. Many organizations use third-party email gateway as well. However, those security filters may not be enough. Detections from Trend Micro Cloud App Security show that millions of threats manage to evade these protection layers.
Trend Micro™ Cloud App Security™ is an API-based service protecting Microsoft® Office 365™, Google Workspace, Box, Dropbox, and Salesforce. Using multiple advanced threat protection techniques, it acts as a second layer of protection after emails and files have passed through Exchange Online and Gmail’s built-in security.
In 2020, Trend Micro Cloud App Security caught 16.7 million high-risk email threats in addition to what Exchange Online and Gmail security have blocked. Those threats include 1.1 million malware, 15.2 million phishing attempts, and 317,500 BEC attempts. The blocked threats include 5.5 million of credential phishing and 179,000 of ransomware. These are potential attacks that could result in an organization’s monetary, productivity, or even reputation losses.
This is our fourth year of publishing the Cloud App Security threat report. Trend Micro Cloud App Security has continued to show proven protection for cloud email services and value to our customers. We have actual customer detection data for different environment scenarios below.
Customer examples: Additional detections for sample customers in three different Microsoft/Office 365 customer environments (2020 data)
| E3 only | Customer's # of users | Customer's industry | Microsoft/Office 365 Plan | Malware | Malicious & Phishing URL | BEC | Total High Risks Threats | |
| Customer #1 | 40,000 | Education | E3 | 280 | 67,181 | 8 | 67,469 | |
| Customer #2 | 10,000 | IT Services | E3 | 10,916 | 739,846 | 4,387 | 755,149 |
| E3 + Defender or E5 | Customer's # of users | Customer's industry | Microsoft/Office 365 Plan | Malware | Malicious & Phishing URL | BEC | Total High Risks Threats | |
| Customer #3 | 80,000 | Transportation | E3 + ATP | 89,579 | 247,176 | 6,679 | 343,434 | |
| Customer #4 | 10,000 | Entertainment | E5 | 1,424 | 91,298 | 1,149 | 93,871 |
| After 3rd party email gateway | Customer's # of users | Customer's industry | Microsoft/Office 365 Plan | Malware | Malicious & Phishing URL | BEC | Total High Risks Threats | |
| Customer #5 | 120,000 | Hospitality | E3 | 12,249 | 129,660 | 1,220 | 143,129 | |
| Customer #6 | 8,500 | IT Services | E5 | 176 | 4,117 | 234 | 4,527 |
Customer #1 and 2 both use E3 plan, which includes Exchange Online Protection. This data shows the value of adding Cloud App Security to enhance Microsoft 365 native security. For example, customer #2 is in IT Services industry with 10,000 E3 users found an additional 10,916 malware, 739,846 malicious & phishing URLs and 4,387 BEC. With the average cost of a BEC attack at $75,000 each and the potential losses and costs to recover from credential phishing and ransomware attacks, Trend Micro Cloud App Security pays for itself very quickly.
Customers #3 and #4 both use Microsoft Defender for Office 365, either through E5 or add-on. Take customer #3 for example. It is in transportation industry with 80,000 users of E3 and Defender detected an additional 89,579 malware, 247,176 malicious and phishing URLs, and 6,679 BEC in 2020 with Trend Micro Cloud App Security. Cloud App Security is proven to provide an additional layer of filtering for these customers.
For organizations choosing to use a third-party email gateway to scan emails before they are delivered to their cloud email environment, they also see value from us as many of the sneakiest and hardest to detect threats still slipped though. Plus, a gateway solution can’t detect internal email threats, which can originate from compromised devices or accounts within Exchange Online or Gmail.
Customer #5 and #6 both use E3 plus a gateway. Customer #5, a large hospitality organization with 120,000 E3 users globally with a third-party email gateway, stopped an additional 12,249 malware, 129,660 malicious and phishing emails, and 1,220 BEC in 2020 with Trend Micro Cloud App Security.
Customer examples: Additional detections for Gmail customers (2020 data)
| Customer's # of users | Customer's industry | Malware | Malicious & Phishing URL | BEC | Total High Risk Threats | |
| Customer #1 | 12,500 | Telecommunication | 826 | 30,762 | 527 | 32,115 |
| Customer #2 | 10,000 | Healthcare | 3,210 | 47,291 | 2,652 | 53,153 |
| Customer #3 | 1,000 | Retail | 76 | 4,266 | 282 | 4,624 |
| Customer #4 | 900 | Transportation | 218 | 3,828 | 47 | 4,093 |
For Gmail customers, Trend Micro Cloud App Security can provide additional protection as well. Take Gmail customer #1 for example, a telecommunication company with 12,500 users blocked 32,115 high risk threats with Cloud App Security in 2020.
Email gateways or built-in security for cloud email services are no longer enough to protect organizations from email-based threats. Organizations should consider a comprehensive multilayered security solution such as Trend Micro Cloud App Security. It supplements the included security features in email and collaboration platforms like Microsoft Office 365 and Google Workspace.
To combat BEC attacks, one unique technology of Trend Micro Cloud App Security is Writing Style DNA, an artificial intelligence (AI)-powered technology that can help detect email impersonation tactics. It uses AI to recognize a user’s writing style based on past emails and then compares it to suspected forgeries.
Now that more schemes use fake, legitimate-looking login webpages to deceive email users, Trend Micro Cloud App Security has a feature that combines AI and computer vision technology to help detect and block attempts at credential phishing in real time. A login page’s branded elements, login form, and other website components are checked by this tool to determine if a page is legitimate.
Check out the Trend Micro Cloud App Security Report 2020 to get more details on the type of threats blocked by this product and common email attacks analyzed by Trend Micro Research in 2020.