An increase in the number of malicious emails being sent is resulting in more phishing attacks reaching inboxes. New data clarifies the factors that determine their malicious nature and identifies the most prevalent types of attacks.
According to Vipre Security’s Q3 Email Threat Trends Report 2023, of approximately 2 billion emails scanned, 233.9 million of them – or about 11.6% – were malicious. That equates to about 1 out of every 8 emails. Of those malicious emails, here’s the breakdown:
- 118 million were determined to be malicious based on links
- 110 million were determined to be malicious based on content
- 4 million were determined to be malicious based on attachments, and…
- 150,000 had “never seen before” behaviors
Vipre highlighted some of the more common attack methods found with these emails:
- PDF attachments – mostly to deliver QR codes or to obfuscate malicious links
- Callback phishing – Where you get a fake invoice, etc. and the only way to communicate with the company to “dispute” the charge is to call them on the phone (that is, there’s no link)
- BEC and “GPT” – it’s becoming commonplace to hear about even legitimate AI tools being used now to write professionally-written emails. Gone are the days of broken English emails.
- Site Hopping – I recently wrote about this term. It’s where the functionality of a legitimate site is misused as part of the attack. Vipre mentions the misuse of LinkedIn smart links as redirects for mid-phishing attacks.
Due to the increased number of emails potentially being malicious combined with the evasive techniques used to avoid detection, it’s necessary for the recipient to play a role in the organization’s cybersecurity. This shows the difference between a successful cyber attack and one that never got off the ground. The key differentiator is whether users remain vigilant when interacting online – something taught through continual security awareness training.
Vipre is clear; we’re likely going to see more of the same, but an improved version. So keeping your users ready may make the difference.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.