Report: 15 Percent of All Emails Sent in 2023 Were Malicious

VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious.

This research warns that in 2024, QR code hacks or quishing will increase, use of AI to create content for spam emails including deepfakes will rise; highly personalized social media mining will grow further; and a wide array of file types and formats – especially EML – will be used to propagate phishing and malware attacks. There will also be a marked uptick in state-sponsored attacks.

As network security tools have improved in recent years, the corporate inbox has become an ever more attractive target to attackers. Often protected by nothing more than human nature and an antivirus, cybercriminals continue to use email to launch their most basic and persistent attacks. Now and again, they get a bit creative, which has come to bear in the past twelve months.

  • Clean links are duping users. When it comes to the method of attack, threat actors this past year favored links over other delivery methods (like attachments and QR codes) nearly seven to one (71%). The year before, VIPRE saw a 50/50 split, but their popularity is improving as attackers are getting smarter about what kinds of links they leverage. Based on this current trend, the use of such links are expected to increase this year, although not in the ways we might assume.
  • EML attachments defy detection. While EML attachments were a present threat throughout 2023, they increased tenfold in Q4. The benefit of sending malicious payloads via EML file is that they can get easily overlooked by many basic email security solutions when attached to the actual phishing email (which comes out clean). The malicious directions, hidden in plaintext within the body of the EML, may then encourage users to navigate to a link, call a phone number, or otherwise engage in a scam. Partly because of the novelty of EML use, curious users are prone to open, follow, and fall prey.
  • Browsers under attack. Q4’s top malware family, AgentTesla, infiltrates a target machine and harvests sensitive data off any number of qualifying browsers. This shows that attackers are launching malware merely for reconnaissance now, as valuable artifacts like username, computer name, operating system, CPU name, RAM, and IP address may fetch more on the Dark Web than they could garner in a one-off attack.
  • Malware skyrockets – still not top spot. Email-delivered malware remains a favorite, increasing by 276% between January and December of last year. However, despite the boost, it accounted for only 5% of malspam overall, trailing commercial spam (“Deal Ends Now!”), general scams, and phishing. Perhaps threat actors have found that it’s easier to trick end users than security solutions, which do manage to snag malware despite falling behind in emerging tactics like social engineering attacks. Consequently, numbers are low. The real weak link remains humans, as the prevalence of social engineering attacks will attest; of all spam emails, 35% were scams, and 22% were phishing attempts.
  • Targeted verticals. Financial services (22%) was the most targeted sector by phishing and malspam emails, followed by information technology (14%), healthcare (14%), education (10%), and government (8%). Information technology experienced a 59% increase in attacks between Q1 and Q4, whilst attacks on government inboxes went up by a staggering 16,000%.

“When you take a look at the kinds of [email] threats we’re seeing today, a lot of them are preventable. It just takes the right tools, but most companies don’t know they exist because email doesn’t always get the same kind of security attention as the rest of the network. Unfortunately, threat actors know this,” said Usman Choudhary, Chief Product Officer and General Manager, VIPRE Security Group.

To read the full report, click here.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.