Abnormal Security released a report on the current email threat landscape and found a spike in credential phishing attacks over the last year. The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cybercriminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products. LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. Over a third of the phishing attacks targeted educational institutions and religious organizations. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts.