The digital landscape and threat trends are constantly evolving and innovating, and it is vital for organizations to stay in the loop in order to protect against attacks. Ensuring the security of a company’s data and other assets is a multifaceted task that requires security practices and solutions on many fronts, and email is a major one.

VIPRE Security Group recently released a report, “Email Security in 2024: An Expert Look at Email-Based Threats,” exploring the developing technological and tactical trends that cybercriminals are turning to this year.

By analyzing nearly a billion malicious emails, the report draws attention to advanced threats and helps organizations understand the risks of email-based attacks. Some of the main findings of the report are detailed below.

Phishing Trends

Phishing is one of the most common and insidious types of attack, especially when it comes to email-based threats that are likely to endanger organizations.

It uses social engineering to deceive the target into sharing personal information, carrying out a transaction, or downloading malicious files.

The report found that 71% of phishing emails use links as their main form of bait, while 22% use attachments, and 7% use QR codes.

The most commonly spoofed URL by a wide margin is Microsoft, followed by Apple, DHL, and Google. The list is different from previous years in the lack of Spotify and Zoom, which have been frequently spoofed in recent reports. This may be reflective of a shift away from remote and hybrid working environments.

Link phishing broken down by type reveals some significant changes from previous years as well. The second and fourth-most common types of phishing links were not even categories listed on the 2022 report, while number three saw a sharp decline in popularity from a previous 39%:

Compromised sites—45%
URL redirection—34%
Newly created domains—13%
File storage/cloud sharing—8%

Like links, phishing attachments by type show some surprising statistics. The most popular type of attachment is HTML, accounting for 52% of phishing attachments, but this number declined toward the year’s end. Malicious PDF files made up 26% of phishing attachments, EML files made up 20%, and ZIP files made up 2%.

Malware Trends

Malspam, spam emails delivering malicious payloads, can be a serious threat to an organization’s data, devices, and systems. According to the report, there are some interesting trends in malspam statistics throughout the year.

Overall, the results show an even split between malspam attachments and links, a major shift from last year, when attachments were favored over links by 22%.

In Q1 of this year, malicious attachments outnumbered links by 38 times, but at the end of the year, links beat out attachments two to one.

Malicious links consisted of 57% compromised websites and 43% cloud storage. Malicious attachments were made up of 35% PDFs, 20% ONEs, and 16% DOC files. The remaining portion of attachment types included XLSX, HTML, ISO, and more.

Malware attacks came from many different actors this year, with several malware families trading off as the most popular each quarter:

Q1 AsyncRAT—Legitimate administrative tool misappropriated by cybercriminals to remotely monitor and control target systems.

Q2 Qbot—Delivered via compromised email threads, usually with a link to a compromised website or newly created domain.

Q3 RedLine—Sent via Office docs and PDFs, allows an attacker to take complete control of the target device and exfiltrate sensitive information.

Q4 AgentTesla—Designed to target Windows systems, related to Remote Access Trojans (RATs)

Highlighting Specific Risks

While exploring the broad email threat trends from quarter to quarter and for the entire year, the report also takes time to draw attention to a few particular threats.

Google Groups Scam

One type of attack leverages Google Groups, which allows the attacker to customize their display name, making it easier to deceive their target. These emails are mass distributed to all members of a Google Group, who have potentially been added to the group without their permission.

The scam consists of a fake purchase confirmation email for a fake order. The goal is for the target to think the email is a mistake and contact the “customer service” number or email provided by the attacker, at which point they share personal information with the scammers in their efforts to resolve the issue.

Holiday Spammers

Phishing scams tend to spike around holiday periods, where consumers are busy making purchases, and the hectic holiday season makes people more likely to fall for the deception. These spam emails often claim to contain deals or sales for the target to take advantage of but actually contain links to phishing sites and other scam attempts.

EML File Attachments

The EML file type made the list of the most common phishing attachments for the first time this year, making it a rising threat. This is the format of an email that has been saved in plain text, and attackers attach it to a phishing email so the target will open the file. EML is rarely seen in a business context, so many users will open the file out of curiosity.

The file may contain plain ASCII text, hyperlinks, and attachments within. Attackers also favor corporate email footers in these attacks in order to lend them more credence.

Conclusion

With cybercriminals diversifying and innovating their attack methods, it is more important than ever to ensure that security doesn’t fall behind the curve. Traditional email security methods and solutions are not generally equipped to detect and identify many of the newer email-based attacks that bad actors are using.

The rise of QR codes, AI, and advances in malware have led to a threat landscape that is designed to circumvent known security practices and tools. Organizations must understand the threats facing them in order to assess risk and adequately protect against all forms of cyberattack, including email threats.