Threats in corporate inboxes are hitting new highs, with one in four reported emails deemed malicious or untrustworthy. Nearly all — 99% — of these attacks take the form of email impersonation threats like business email compromise (BEC) and credential theft lures. These socially engineered scams rarely carry malware attachments or malicious links, allowing them to slip past traditional email security tools and land directly in end-user inboxes.
Our 2023 BEC Trends, Targets, and Changes in Techniques report highlights how cybercriminals continue to refine proven tactics while adopting new ones. The data uncovers:
Sender spoofing patterns and volumes
The role of free webmail providers in BEC attacks
The rise of hybrid vishing techniques
While the fundamentals of BEC remain consistent, threat actors are boosting success rates through third-party targeting, phishing-as-a-service (PhaaS), and increasingly AI-driven strategies. These enhancements raise the stakes for security teams, who must detect and neutralize sophisticated social engineering threats before employees are tricked.
By recognizing impersonation patterns and predicting attacker behavior, organizations can better defend against signatureless threats at scale.