In the ever-evolving landscape of cybersecurity, malicious emails remain a primary attack vector for cybercriminals. While we often associate phishing attempts with unknown or suspicious senders, a concerning trend has emerged: an increasing number of malicious emails are coming from familiar contacts—people we talk to every day. As an IT company, it’s crucial to educate employees about this shift and reinforce the importance of vigilance when interacting with common recipients.
The Alarming Statistics
According to the 2024 Annual State of Email Security Report by Cofense, the situation is dire. Here are some key findings from their report:
Malicious Emails Bypassing Secure Email Gateways (SEGs)
- In just two years, Cofense’s Phishing Detection and Response Platform identified over 1.5 million malicious emails that bypassed customers’ SEGs.
- This represents a 37% increase in threats compared to 2022 and a staggering 310% increase over 2021.
- To put it into perspective, Cofense detected at least one malicious email bypassing SEGs every 57 seconds.
Credential Phishing Surge
- Threat actors favor credential phishing as their preferred method.
- In 2024, there was a 67% increase in volume compared to the previous year.
Evolution of Phishing Tactics
- Phishing campaigns have evolved beyond traditional emails.
- Tactics like vishing (voice phishing), smishing (SMS phishing), brand impersonation, and QR code phishing are on the rise.
- QR code active threat reports (ATRs) saw a staggering 331% increase in 2023.
Targeted Industries
- Healthcare and finance sectors remain the top targets for malicious emails bypassing SEGs.
- These industries experienced an 84.5% and 118% increase, respectively.
Why Vigilance Matters
Trust Can Be Exploited
- Cybercriminals capitalize on trust. When an email comes from a familiar sender, recipients are more likely to let their guard down.
- Malicious actors impersonate colleagues, managers, or clients, making it harder to discern genuine communication from phishing attempts.
Sophisticated Attacks
- Malicious emails from common recipients often use sophisticated techniques.
- They may contain seemingly harmless attachments or links that lead to credential theft, malware installation, or data breaches.
Relying on SEGs Is Not Enough
- Secure email gateways struggle to keep pace with evolving threats.
- Enterprises must adopt a proactive approach beyond relying solely on SEGs.
Best Practices for Employees
Read Carefully:
- Slow down and read email prompts thoroughly.
- Pay attention to details, especially when the sender is someone you know.
Verify Suspicious Requests:
- If an email requests sensitive information, money transfers, or urgent actions, verify it independently.
- Contact the sender through a different channel (e.g., phone call) to confirm.
Stay Educated:
- Regularly train employees in phishing awareness.
- Teach them to recognize red flags, even when emails come from familiar sources.
Stay Vigilant
Always prioritize ongoing education and awareness. Encourage employees to stay vigilant, question unexpected requests, and report any suspicious emails promptly. In the battle against cyber threats, knowledge and caution are our best defenses.
Note: The statistics and insights mentioned in this article are based on the Cofense Annual Report. Always consult your organization’s IT policies and guidelines for specific instructions related to email security.
