Display name deception is the most common type of email attack, a new report found, eroding brand trust through the impersonation of well-known companies.
“Email Fraud & Identity Deception Trends: Insights from the Agari Identity Graph” is a quarterly analysis of statistics and attack samples captured by Agari, a company that uses AI to protect against email and phishing scams.
For this Q4 report, Agari examined its own customer base from July 1 through October 31 and crawled publicly available DNS information for comparison.
Agari found that 62 percent of advanced email attacks leverage display name deception, and more than half use trusted brand names to trick recipients. Microsoft and Amazon are the impersonated brands in digital deception-based attacks, at 36 percent and 27 percent, respectively.
Posing as service updates, security alerts and password resets, these brands have become attractive disguises for fraudsters. Out of all the attacks Agari observed, 54 percent impersonated trusted brands and eight percent impersonated individuals.
“The risk is that a successfully compromised Office 365 or AWS account may be used to launch subsequent attacks that are even harder to detect,” warned Agari, noting that three percent of Q3 attacks originated from compromised email accounts.
In impersonation attacks targeting executives, Microsoft is far and away the favorite brand used by email fraudsters, representing 7 out of 10 brand impersonations, followed distantly by Dropbox.
Agari states that “file sharing services such as Dropbox or OneDrive are common impersonation targets because they can link to a file with embedded malware and are common within many companies, lowering user scrutiny of the message.”
Business email compromise is a huge problem, to the tune of $12 billion, according to the Federal Bureau of Investigation (FBI). To help combat this problem, more brands are adopting Domain-based Message Authentication, Reporting and Conformance (DMARC).