The digital landscape and its threat trends are constantly evolving, and organizations need to keep up in order to protect against attacks. Ensuring the security of a company’s data and other assets is a multifaceted task that requires security practices and solutions on many fronts, and email is a major one.
VIPRE Security Group recently released a report,
By analyzing nearly a billion malicious emails, the report draws attention to advanced threats and helps organizations understand the risks of email-based attacks. Some of the main findings of the report are detailed below.
Phishing is one of the most common and insidious types of attack, especially when it comes to email-based threats that are likely to endanger organizations.
It uses social engineering to deceive the target into sharing personal information, carrying out a transaction, or downloading malicious files.
The report found that 71% of phishing emails use links as their main form of bait, while 22% use attachments, and 7% use
The most commonly
Link phishing broken down by type reveals some significant changes from previous years as well. The second and fourth-most common types of phishing links were not even categories listed on the 2022 report, while number three saw a sharp decline in popularity from a previous 39%:
Compromised sites—45%
URL redirection—34%
Newly created domains—13%
File storage/cloud sharing—8%
Like links, phishing attachments by type show some surprising statistics. The most popular type of attachment is HTML, accounting for 52% of phishing attachments, but this number declined toward the year’s end. Malicious PDF files made up 26% of phishing attachments, EML files made up 20%, and ZIP files made up 2%.
Overall, the results show an even split between malspam attachments and links, a major shift from last year, when attachments were favored over links by 22%.
In Q1 of this year, malicious attachments outnumbered links by a factor of 38, but at the end of the year, links beat out attachments two to one.
Malicious links consisted of 57% compromised websites and 43% cloud storage.
Malware attacks came from many different actors this year, with several malware families trading off as the most popular each quarter:
While exploring the broad email threat trends from quarter to quarter and for the entire year, the report also takes time to draw attention to a few particular threats.
One type of attack leverages Google Groups, which allows the attacker to customize their display name, making it easier to deceive their target. These emails are mass-distributed to all members of a Google Group, who may have been added to the group without their permission.
The scam consists of a fake purchase confirmation email for a fake order. The goal is for the target to think the email is a mistake and contact the “customer service” number or email provided by the attacker, at which point they share personal information with the scammers in their efforts to resolve the issue.
Phishing scams tend to spike around holiday periods, when consumers are busy making purchases and the hectic season makes people more likely to fall for the deception. These spam emails often claim to contain deals or sales for the target to take advantage of but actually contain links to phishing sites and other scam attempts.
The EML file type made the list of the most common phishing attachments for the first time this year, making it a rising threat. EML is the format of an email message that has been saved to a file in plain text, and attackers attach such a file to a phishing email so the target will open it. EML is rarely seen in a business context, so many users will open the file out of curiosity.
The file may contain plain ASCII text, hyperlinks, and attachments of its own. Attackers also favor corporate email footers in these attacks in order to lend them more credibility.
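Because an EML attachment is a complete email in its own right, a filter that inspects only the outer message never sees the links and files nested inside it. The following Python is an added example, not taken from the VIPRE report: it unpacks attached EML files recursively and lists the URLs and attachments found at each nesting level. The names `triage` and `build_sample`, the depth limit, and the `example.test` hosts are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_DEPTH = 5  # stop on deeply nested mail-in-mail chains

def triage(msg, depth=0, out=None):
    """Collect URLs and attachments, recursing into attached EML files."""
    if out is None:
        out = {"urls": [], "files": [], "eml_depth": 0}
    if depth > MAX_DEPTH:
        return out
    out["eml_depth"] = max(out["eml_depth"], depth)
    ctype, name = msg.get_content_type(), msg.get_filename() or ""
    if ctype == "message/rfc822":
        # Attached email that the parser has already unpacked in place.
        out["files"].append((depth, name, ctype))
        for inner in msg.get_payload():
            triage(inner, depth + 1, out)
    elif msg.is_multipart():
        for part in msg.get_payload():
            triage(part, depth, out)
    elif name.lower().endswith(".eml"):
        # EML sent as a generic attachment: decode it and parse it as mail.
        out["files"].append((depth, name, ctype))
        raw = msg.get_payload(decode=True)
        triage(message_from_bytes(raw, policy=policy.default), depth + 1, out)
    else:
        if name:
            out["files"].append((depth, name, ctype))
        if msg.get_content_maintype() == "text":
            text = msg.get_payload(decode=True).decode("utf-8", "replace")
            out["urls"] += [(depth, u) for u in URL_RE.findall(text)]
    return out

def build_sample(as_rfc822=False):
    """Constructed sample: a mail carrying a second mail as an attachment."""
    inner = EmailMessage()
    inner.set_content("View: https://login.example.test/invoice?id=1\nExample Corp")
    inner.add_attachment("<a href='https://files.example.test/doc'>open</a>",
                         subtype="html", filename="invoice.html")
    outer = EmailMessage()
    outer.set_content("Please review the attached message.")
    if as_rfc822:
        outer.add_attachment(inner)
    else:
        outer.add_attachment(inner.as_bytes(), maintype="application",
                             subtype="octet-stream", filename="message.eml")
    return message_from_bytes(outer.as_bytes(), policy=policy.default)
```

Calling `triage(build_sample())` reports both URLs at depth 1, meaning they exist only inside the attached EML and not in the outer message body.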
With cybercriminals diversifying and innovating their attack methods, it is more important than ever to ensure that security doesn’t fall behind the curve. Traditional email security methods and solutions are not generally equipped to detect and identify many of the newer email-based attacks that bad actors are using.
The rise of QR codes, AI, and advances in malware have led to a threat landscape that is designed to circumvent known security practices and tools. Organizations must understand the threats facing them in order to assess risk and adequately protect against all forms of cyberattack, including email threats.