High-risk email security threats increased by 32% last year

Tried and tested email methods used to attack organizations

Mail on a fishing hook

High-risk email threats climbed by 32% compared to 2019, according to Trend Micro’s 2020 Cloud App Security Report.

The report found that detections of malware, credential theft, and phishing emails all recorded double-digit year-on-year increases in 2020, while business email compromise volumes dropped slightly.

The report gathered data from over 16.7 million high-risk email threats that Trend Micro’s Cloud App Security detected and blocked. The company said this was a 32% increase from the previous year. The report highlighted one example of an organization of 10,000 users where its system detected 755,000 high-risk email threats, which came out to 75 high-risk emails per user after scanning by the native Microsoft 365 security. 

Trend Micro also thwarted 10,000 malware files and over 4,300 BEC attempts for the same organization in 2020.

Trend Micro detected over 6.9 million phishing emails in 2020, a 19% increase from the previous year. Outside of credential phishing, the number of threats in this category increased 41% over the period. COVID-19 was a common enticement, as were well-known brands, such as Netflix, that have become increasingly popular during the pandemic. Attackers were typically looking for personal and financial information to monetize, according to the report.

Concerning credential phishing, Trend Micros detected nearly 5.5 million attempts to steal users’ credentials that existing cloud-native security filters allowed through. This was a 14% increase compared to 2019 and accounted for the vast majority of detected phishing emails.

 The report said hackers were increasingly complementing these with phone-based vishing attacks, which is when hackers call users via VoIP to trick them into logging into fake phishing sites to harvest their usernames and passwords. The hackers then use these credentials to look for administrator accounts within the network and cause substantial financial problems for the organization.

The FBI warned the public to be wary of such attacks, as the shift to remote work might have made organizations more vulnerable to vishing attacks, according to the report.

Related Resource

The State of Email Security 2020

Email security insights at your email perimeter, inside your organisation, and beyond

Email security insights at your email perimeter, inside your organisation, and beyondDownload now

One bright spot in the report was the 18% year-on-year decline in business email compromise (BEC) detections. However, average losses continue to rise — increasing 48% from the first to the second quarter of 2020. From $54,000 (the average cost of a fraudulent wire transfer in the first quarter of 2020), the amount has jumped to US$80,183 in the second quarter of the year, the report said.

Bharat Mistry, Technical Director UK at Trend Micro, told ITPro it should come as no surprise that email remains the number one threat vector for all organizations, no matter the size or vertical. 

"In 2020 we intercepted over 16 million high-risk emails containing malicious payloads that had been missed by native messaging providers. The problem is growing exponentially yet organizations still struggle to get a handle on it," Mistry said.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021