Email Classified as ‘Malicious’ by Employees Has Increased by 35% in the Last Year



employee-reporting-malicious-emailNew data shows Phishing, Vishing, Social Media attacks, and Microsoft 365 credential attacks are all on the rise as more users are demonstrating savviness around identifying malicious content.

I like hearing that more employees are “getting it” and are being vigilant when interacting with email. But it’s equally important to understand why. Is it because users are paying more attention, because there are more attacks, or both. The information found within PhishLabs’ latest Quarterly Threat Trends & Intelligence Report has a lot to say about the increasing state of cyberthreats and how users are reacting to them. According to the report:

  • Phishing volume is up nearly 32% year-over-year
  • Vishing incidents have more than doubled for the second consecutive quarter
  • Social Media threats are up 82% from January

So, it’s evident that attacks are increasing. Important to note, credential theft is also on the rise:

  • 59% of reported corporate emails were Credential Theft attempts
  • Of those, over half (51.6%) of the attacks reported targeted Microsoft 365 accounts

All this means you should be expecting more attacks from every possible threat vector in the near future. And while it appears from the PhishLabs data that more employees are reporting emails as being potentially malicious, they do report that the average employee within an organization only reports 3.3 suspicious emails per year. Considering, roughly one in every 300 emails is a phishing attack, there’s probably many more phishing emails that potentially can (and do) get through to the users Inbox.

It’s only through Security Awareness Training that users become more effective in identifying suspicious emails that may be harmful to the organization. And, while I’m happy to see the massive increase in employees reporting malicious emails, like me, you should want to see that percentage of vigilant employees in your organization be even higher.


Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/free-phish-alert

Topics: Phishing

Subscribe To Our Blog


Ransomware Hostage Rescue Manual




Get the latest about social engineering

Subscribe to CyberheistNews