IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

High-risk email security threats increased by 32% last year

Tried and tested email methods used to attack organizations

Mail on a fishing hook

High-risk email threats climbed by 32% compared to 2019, according to Trend Micro’s 2020 Cloud App Security Report.

The report found that detections of malware, credential theft, and phishing emails all recorded double-digit year-on-year increases in 2020, while business email compromise volumes dropped slightly.

The report gathered data from over 16.7 million high-risk email threats that Trend Micro’s Cloud App Security detected and blocked. The company said this was a 32% increase from the previous year. The report highlighted one example of an organization of 10,000 users where its system detected 755,000 high-risk email threats, which came out to 75 high-risk emails per user after scanning by the native Microsoft 365 security. 

Trend Micro also thwarted 10,000 malware files and over 4,300 BEC attempts for the same organization in 2020.

Trend Micro detected over 6.9 million phishing emails in 2020, a 19% increase from the previous year. Outside of credential phishing, the number of threats in this category increased 41% over the period. COVID-19 was a common enticement, as were well-known brands, such as Netflix, that have become increasingly popular during the pandemic. Attackers were typically looking for personal and financial information to monetize, according to the report.

Concerning credential phishing, Trend Micros detected nearly 5.5 million attempts to steal users’ credentials that existing cloud-native security filters allowed through. This was a 14% increase compared to 2019 and accounted for the vast majority of detected phishing emails.

 The report said hackers were increasingly complementing these with phone-based vishing attacks, which is when hackers call users via VoIP to trick them into logging into fake phishing sites to harvest their usernames and passwords. The hackers then use these credentials to look for administrator accounts within the network and cause substantial financial problems for the organization.

The FBI warned the public to be wary of such attacks, as the shift to remote work might have made organizations more vulnerable to vishing attacks, according to the report.

Related Resource

The State of Email Security 2020

Email security insights at your email perimeter, inside your organisation, and beyond

Email security insights at your email perimeter, inside your organisation, and beyondDownload now

One bright spot in the report was the 18% year-on-year decline in business email compromise (BEC) detections. However, average losses continue to rise — increasing 48% from the first to the second quarter of 2020. From $54,000 (the average cost of a fraudulent wire transfer in the first quarter of 2020), the amount has jumped to US$80,183 in the second quarter of the year, the report said.

Bharat Mistry, Technical Director UK at Trend Micro, told ITPro it should come as no surprise that email remains the number one threat vector for all organizations, no matter the size or vertical. 

"In 2020 we intercepted over 16 million high-risk emails containing malicious payloads that had been missed by native messaging providers. The problem is growing exponentially yet organizations still struggle to get a handle on it," Mistry said.

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

Free Download

The strategic CFO

Why finance transformation propels business value

Free Download

Recommended

SOC modernisation and and the role of XDR
Whitepaper

SOC modernisation and and the role of XDR

16 Mar 2023
Analysing the economic benefits of Trend Micro Vision One
Whitepaper

Analysing the economic benefits of Trend Micro Vision One

16 Mar 2023
More than a number: Your risk score explained
Whitepaper

More than a number: Your risk score explained

16 Mar 2023
The IT manager's guide to getting home in time for dinner
Whitepaper

The IT manager's guide to getting home in time for dinner

15 Mar 2023

Most Popular

The big PSTN switch off: What’s happening between now and 2025?
Sponsored

The big PSTN switch off: What’s happening between now and 2025?

13 Mar 2023
HMRC lost nearly 50% more devices in 2022
Hardware

HMRC lost nearly 50% more devices in 2022

17 Mar 2023
Why – and how – IP can be the hero in your digital transformation success story
Sponsored

Why – and how – IP can be the hero in your digital transformation success story

6 Mar 2023