An analysis of over 7 billion emails processed by VIPRE Security Group worldwide during 2023 revealed that about one billion (15 percent) were found to be malicious, with users persistently duped by phony links and social engineering attacks remaining at an all-time high.

As dependence on email continues to expand, the sophistication and frequency of cyber threats aimed at our inboxes is also increasing. Phishing has historically remained a preferred tactic among cybercriminals, yet the utilization of malicious links within these emails has surged to unprecedented levels in Q2 2023, as outlined in VIPRE’s “Email Security in 2024: An Expert Look at Email-Based Threats.” The report reveals that an alarming 85 percent of phishing emails sent during this timeframe contained malicious links, often camouflaged as authentic URLs, enticing unsuspecting recipients to click on them.

The research warns that in 2024, QR code hacks or quishing will increase; use of AI to create content for spam emails including deepfakes will rise; highly personalized social media mining will grow further; and a wide array of file types and formats — especially EML — will be used to propagate phishing and malware attacks. State-sponsored attacks are also expected to experience a noticeable increase.

Financial services (22 percent) was the most targeted sector by phishing and malspam emails, followed by information technology (14 percent), healthcare (14 percent), education (10 percent), and government (8 percent). Information technology experienced a 59 percent increase in attacks between Q1 and Q4, while attacks on government inboxes went up by a staggering 16,000 percent.

Following are more key highlights from the report: 

Clean links are duping users — When it comes to the method of attack, threat actors this past year favored links over other delivery methods (like attachments and QR codes) nearly seven to one (71 percent). The year before, VIPRE saw a 50/50 split, but their popularity is improving as attackers are getting smarter about what kinds of links they leverage. Based on this current trend, the use of such links are expected to increase this year, although not in the ways we might assume.

EML attachments defy detection — While EML attachments were a present threat throughout 2023, they increased tenfold in Q4. The benefit of sending malicious payloads via EML file is that they can get easily overlooked by many basic email security solutions when attached to the actual phishing email (which comes out clean). The malicious directions, hidden in plaintext within the body of the EML, may then encourage users to navigate to a link, call a phone number, or otherwise engage in a scam. Partly because of the novelty of EML use, curious users are prone to open, follow, and fall prey.

Browsers under attack — Q4’s top malware family, AgentTesla, infiltrates a target machine and harvests sensitive data off any number of qualifying browsers. This shows that attackers are launching malware merely for reconnaissance now, as valuable artifacts like username, computer name, operating system, CPU name, RAM, and IP address may fetch more on the Dark Web than they could garner in a one-off attack.

Malware skyrockets — Email-delivered malware remains a favorite, increasing by 276 percent between January and December of last year. However, despite the boost, it accounted for only 5 percent of malspam overall, trailing commercial spam (“Deal Ends Now!”), general scams, and phishing. Perhaps threat actors have found that it’s easier to trick end users than security solutions, which do manage to snag malware despite falling behind in emerging tactics like social engineering attacks. Consequently, numbers are low. The real weak link remains humans, as the prevalence of social engineering attacks will attest; of all spam emails, 35 percent were scams, and 22 percent were phishing attempts.

“When you take a look at the kinds of [email] threats we’re seeing today, a lot of them are preventable,” stated Usman Choudhary, chief product officer and general manager, VIPRE. “It just takes the right tools, but most companies don’t know they exist because email doesn’t always get the same kind of security attention as the rest of the network. Unfortunately, threat actors know this.”