Armorblox Email Security Threat Report Reveals Huge Uptick in Language-Based Business Email Compromise Attacks

BEC Attacks Have Risen More Than 53% Year-Over-Year; Nearly 75% of BEC Emails Use Language as the Main Attack Vector

SUNNYVALE, Calif., May 26, 2022 – Armorblox, today released its 2022 Email Security Threat Report, which highlights the use of language-based attacks that bypass existing email security controls. The inaugural report uncovers how the continued increase in remote work has made critical business workflows even more vulnerable to new forms of email-based attacks, often resulting in financial fraud or credential theft.

The Armorblox report is based on data gathered across 58,000+ customer tenants, end-user feedback, and threat research. It documents both the rise in targeted attacks and the increased sophistication, accuracy, and financial impact of email-based attacks.

Key findings in the report include:

  • Language-based attacks have become the new normal for business email compromise (BEC) with 74% of these attacks using language as the main attack vector.
  • Attackers have realized that many critical business workflows happen over email. As a result, this has become the primary attack mechanism for credential phishing. Notably, 87% of credential phishing attacks looked like legitimate common business workflows in order to trick end users into engaging with the email.
  • Security teams spend a massive amount of time configuring rules and exceptions in their email security solutions to block impersonation emails – both for executives and other employees. Despite all of that manual work and rule writing, 70% of impersonation emails evaded email security controls.
  • The rise of SaaS solutions driving business workflows has also created a huge surge in brand impersonation of companies in this space. Dropbox, Microsoft, and DocuSign were among the most impersonated brands in 2021.

“Based on threats analyzed by Armorblox across our customer base of over 58,000 organizations, we see a sharp increase in email attacks targeting critical business workflows. These use language as the primary attack vector and impersonate VIPs, known vendors, and SaaS applications,” said DJ Sampath, Co-founder and CEO of Armorblox. “It is critical that organizations augment their existing email security stack with modern API-based solutions that build custom models specifically focused on these targeted attacks. The Armorblox email security platform is API-based, cloud-delivered, and analyzes more than 2.5 billion emails every month. It prevents targeted attacks, stops sensitive data leaks, and automates email security operations.”

Attackers are moving away from decades-old approaches that use malicious links or attachments in broad-based attack campaigns, to targeted attacks where the language in the email is used to compromise a user’s trust. The Armorblox 2022 Email Security Threat Report presents the associated trends for targeted email attacks across the four most prevalent threat types – BEC, financial fraud, phishing attacks, and impersonation attacks.

To learn more, download a copy of the 2022 Email Security Threat Report here.

About Armorblox

Armorblox secures enterprise communications over email and other cloud office applications with the power of Natural Language Understanding. The Armorblox platform connects over APIs and analyzes thousands of signals to understand the context of communications and protect people and data from compromise. Over 58,000 organizations use Armorblox to stop BEC and targeted phishing attacks, protect sensitive PII and PCI, and automate remediation of user-reported email threats. Armorblox was featured in the 2019 Forbes AI 50 list and was named a 2020 Gartner Cool Vendor in Cloud Office Security. Founded in 2017, Armorblox is headquartered in Sunnyvale, CA and backed by General Catalyst and Next47.

To learn more about Armorblox, visit

All product and company names herein may be trademarks of their respective owners.

Armorblox Contact
Lauryn Cash