The quantity of emails involved in scams and cyber attacks continues to grow as credential theft and response-based phishing persist as top attack variants.
The ripple effect from cybercrime-as-a-service launching a few years back has reached critical mass: we’re seeing significant increases in the percentage of emails that are either clearly determined to be malicious (7.7%) or suspicious enough that users are advised not to engage with them (15.9%). This is according to Fortra’s latest quarterly update, Phishing Trends and Tactics: Q1 of 2023.
Of those deemed malicious, 58% were related to credential theft attacks, with 40% of the emails involved in response-based phishing attacks. These details about the massive percentage of emails considered to be harmful to users and their organizations give you a clear idea of what’s important to cybercriminals: they either want your credentials outright or want to engage users with social engineering for purposes of digital fraud, access to social media and crypto wallets.
Also, when I think about the “one-quarter” stat and merge it with the fact that 1 in 8 malicious emails get past security solutions, you can do some quick math (or maths for my U.K. friends) and determine that literally 1 out of 32 emails sent gets to an inbox – making your users the last line of defense. Only those users who are able to interact with email and the web with a sense of cyber-vigilance – something taught through continual Security Awareness Training – will be able to distinguish malice and suspicion quickly and avoid engaging with such content.