The Role of Brand Impersonation and Industry Verticals in Email Threats

Email remains a crucial tool for business communication but also a major target for cybercriminals. This article explores how different industries are impacted by email threats and the growing problem of brand impersonation. By understanding these trends, businesses can better protect themselves against evolving cyber risks. 

Email Threat Index for Business Verticals 

One of the key areas we review on an annual (and monthly) basis, is the number of threats being levied at different industry verticals. This allows us to determine if there are dedicated campaigns or targeted attacks on specific industries. It also provides some insights that business leaders can use to help determine if they’re at increased risk of attack or not. 

Most notable in this year’s data is the fact that EVERY industry vertical saw a decrease of the associated email threat index. This correlates with our data above showing the number of emails classified as “Threats” and “AdvThreats” decreasing when compared with last year. 

That all said, there were some industries that were targeted slightly more than others. 

Mining industry 

Most mining organizations have the same types of problems and challenges as a manufacturing organization. They also commonly deal in precious metals, and this tends to make them a prime target for threat actors looking to use ransomware to extract money from the organization. 

Entertainment industry 

Organizations of this type typically fall into gambling, or tickets sales etc. These organizations have become a target due to the large amount of money involved.

Manufacturing 

The manufacturing space has a history of being targeted frequently by threat actors. This typically comes down to threat actors going after intellectual property for profit and / or ransom and many see this sector as an easy target for double-extortion and production disruption due to the nature of their network security and also the fact that they often utilize a large number of insecure Internet of Things (IoT) devices and programmable logic controllers (PLCs). 

The table below shows the threat index rating for major industry verticals. 

Annual Industry Threat Index 

NOTE: The threat index value is determined by the following calculation: 

Threat Index Percentage = number of malicious emails (Threat+AdvThreat) / (the number of malicious emails (Threat+AdvThreat) + the number of clean emails) multiplied by 100 – This excludes spam and info mail 

Note on methodology 

Different (sized) organizations receive a different absolute number of emails. Thus, we calculate the percent share of threat emails from each organization’s threat and clean emails to compare organizations. We then calculate the median of these percentage values for all organizations within the same industry to form the industry’s final threat score. 

Brand Impersonation 

Brand impersonation continues to be a major email attack technique targeting end users and businesses in 2024. 

The shipping company DHL has seen perhaps the most dramatic shift in brand impersonation attempts. The brand saw a mere fraction of impersonation attempts in 2024 vs. 2023. That said, it still remains in the number one spot on our most impersonated brands list, followed closely by FedEx. 

Shipping brands continue to be popular due to the fact that they can be easily incorporated in social engineering style attacks via phishing and smishing. Both attack styles boast a high degree of similarity to real communications from these organizations and easily trick less trained users into giving away personal details and / or payment information. 

Other notable data in this area: 

• The amount of FedEx and Facebook brand impersonations has tripled in the past year.
• The amount of Docusign brand impersonations has doubled over the data period.
• Mastercard and Netflix are two other notable brands that have seen noted increases as well.

Our full data over the reporting period has revealed most impersonated brands, as follows: 

Annual impersonated brands comparison 

Note: Brand impersonation data is heavily affected by regional variation. Several German brands are listed here due to our large customer base in Germany. 

Our analysis of 10,743,561 active mail-sending domains in 2024 reveals gaps in email authentication implementation, leaving many organizations vulnerable to brand impersonation attacks and email spoofing. 

Only 35.4% of analyzed domains have implemented DMARC (Domain-based Message Authentication, Reporting, and Conformance) protocols, indicating that nearly two-thirds of domains lack this critical security measure. Just 16.6% of all domains utilize RUA (Aggregate Reporting URI) capabilities, which provides essential visibility into email authentication results. 

RUA (Aggregate Reporting URI) records are a vital component of DMARC that enables domain owners to receive detailed reports about emails sent using their domain. These reports include: 

• Volume of messages received 
• IP addresses sending mail on behalf of the domain 
• Authentication pass/fail rates 
• Sending sources and their compliance with domain policies 

Of the domains that have implemented DMARC, 47% are leveraging RUA capabilities, demonstrating that many organizations who adopt DMARC understand the value of monitoring and visibility. 

Through RUA monitoring, organizations are able to observe surges in spoofed emails originating from previously unknown IPs, enabling them to alert their customers about the specific phishing campaign. Financial institutions often utilize RUA monitoring to initiate takedown procedures within hours of a phishing campaign’s launch. 

---

Protect Your Domain with DMARC Manager 

Shield your organization from email impersonation, phishing, and spoofing with Hornetsecurity’s DMARC Manager. Our intuitive platform simplifies the management of DMARC, DKIM, and SPF, ensuring your domain’s authenticity and boosting trust in your brand. 

Key Benefits: 

• Credibility: Safeguard your brand’s reputation by preventing fraudulent emails. 
• Authenticity: Ensure your legitimate emails reach inboxes, not spam. 
• Insight: Gain clear visibility into email security and performance. 
• Simplicity: Easily manage security protocols across multiple domains with a user-friendly interface. 
• Take control of your email security today. 

---

Conclusion 

While email threats have decreased in some areas, targeted attacks and brand impersonation are still significant concerns. Businesses need to stay alert and adopt strong security measures, like DMARC Manager, to protect against these ever-changing threats. Staying proactive is key to keeping your organization safe.