One Out of Every Eight Emails Found to be Malicious as Attackers Continue to Hone Their Skills

An increase in the number of malicious emails being sent is resulting in more phishing attacks reaching inboxes. New data clarifies the factors that determine their malicious nature and identifies the most prevalent types of attacks.

According to Vipre Security’s Q3 Email Threat Trends Report 2023, of approximately 2 billion emails scanned, 233.9 million of them – or about 11.6% – were malicious. That equates to about 1 out of every 8 emails. Of those malicious emails, here’s the breakdown:

  • 118 million were determined to be malicious based on links
  • 110 million were determined to be malicious based on content
  • 4 million were determined to be malicious based on attachments, and…
  • 150,000 had “never seen before” behaviors

Vipre highlighted some of the more common attack methods found with these emails:

  • PDF attachments – mostly to deliver QR codes or to obfuscate malicious links
  • Callback phishing – you receive a fake invoice or similar, and the only way to contact the company to “dispute” the charge is to call them on the phone (that is, there’s no link)
  • BEC and “GPT” – it’s becoming commonplace to hear of even legitimate AI tools being used to write professional-sounding emails. Gone are the days of broken-English emails.
  • Site Hopping – I recently wrote about this term. It’s where the functionality of a legitimate site is misused as part of the attack. Vipre mentions the misuse of LinkedIn smart links as redirects for mid-phishing attacks.

With more emails potentially malicious and attackers using evasive techniques to avoid detection, the recipient has to play a role in the organization’s cybersecurity. That role can be the difference between a successful cyber attack and one that never gets off the ground. The key differentiator is whether users remain vigilant when interacting online – something taught through continual security awareness training.

Vipre is clear: we’re likely going to see more of the same, only in an improved form. So keeping your users ready may make the difference.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
