Nearly One-Quarter of All Emails Are Considered to be Malicious

Malicious EmailsThe quantity of emails involved in scams and cyber attacks continues to grow as credential theft and response-based phishing persist as top attack variants.

The ripple effect from cybercrime-as-a-service launching a few years back has reached critical mass, where we’re seeing significant increases in the percentage of emails that are either clearly determined to be malicious (7.7%) as well as those suspicious enough that users are recommended to not engage with (15.9%). This according to Fortra’s latest quarterly update, Phishing Trends and Tactics: Q1 of 2023.

Of those deemed malicious, 58% of them were related to credential theft attacks, with 40% of the emails involved in response-based phishing attacks. These details about the massive percentage of emails considered to be harmful to users and their organizations gives you a clear idea of what’s important to cybercriminals: they either want your credentials outright or are wanting to engage users with social engineering for purposes of digital fraud, access to social media and crypto wallets.

Also, when I think about the “one-quarter” stat and merge it with the fact that 1 in 8 malicious emails get past security solutions, you can do some quick math (or maths for my U.K. friends) and determine that literally 1 out of 32 emails sent gets to an inbox – making your users the last line of defense. Only those users that are able to interact with email and the web with a sense of cyber-vigilance – something taught through continual Security Awareness Training – will be able to distinguish malice and suspicion quickly and avoid engaging with such content.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews