Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    One Out of Every Eight Emails Found to be Malicious as Attackers Continue to Hone Their Skills

    Email Found MaliciousAn increase in the number of malicious emails being sent is resulting in more phishing attacks reaching inboxes. New data clarifies the factors that determine their malicious nature and identifies the most prevalent types of attacks.

    According to Vipre Security’s Q3 Email Threat Trends Report 2023, of approximately 2 billion emails scanned, 233.9 million of them – or about 11.6% – were malicious. That equates to about 1 out of every 8 emails. Of those malicious emails, here’s the breakdown:

    • 118 million were determined to be malicious based on links
    • 110 million were determined to be malicious based on content
    • 4 million were determined to be malicious based on attachments, and…
    • 150,000 had “never seen before” behaviors

    Vipre highlighted some of the more common attack methods found with these emails:

    • PDF attachments – mostly to deliver QR codes or to obfuscate malicious links
    • Callback phishing – Where you get a fake invoice, etc. and the only way to communicate with the company to “dispute” the charge is to call them on the phone (that is, there’s no link)
    • BEC and “GPT” – it’s becoming commonplace to hear about even legitimate AI tools being used now to write professionally-written emails. Gone are the days of broken English emails.
    • Site Hopping – I recently wrote about this term. It’s where the functionality of a legitimate site is misused as part of the attack. Vipre mentions the misuse of LinkedIn smart links as redirects for mid-phishing attacks.

    Due to the increased number of emails potentially being malicious combined with the evasive techniques used to avoid detection, it’s necessary for the recipient to play a role in the organization’s cybersecurity. This shows the difference between a successful cyber attack and one that never got off the ground. The key differentiator is whether users remain vigilant when interacting online – something taught through continual security awareness training.

    Vipre is clear; we’re likely going to see more of the same, but an improved version. So keeping your users ready may make the difference.

    KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing, Email Security

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews