var breeze_prefetch = {"local_url":"https:\/\/emailexpert.com","ignore_remote_prefetch":"1","ignore_list":["\/cart\/","\/checkout\/","\/my-account\/","\/big-list-of-email-vendors-and-email-service-providers\/","wp-admin","wp-login.php"]};
var wc_add_to_cart_params = {"ajax_url":"\/wp-admin\/admin-ajax.php","wc_ajax_url":"\/?wc-ajax=%%endpoint%%","i18n_view_cart":"View cart","cart_url":"https:\/\/emailexpert.com\/cart\/","is_cart":"","cart_redirect_after_add":"no"};
var MyListing = {"Helpers":{},"Handlers":{},"MapConfig":{"ClusterSize":35,"AccessToken":"pk.eyJ1IjoiYWdlbmN5Y20iLCJhIjoiY2pxZThoaWt4NGNxODQ4bGNhdDIzZ3c4ZSJ9.7D0heKBc8apZRySQBXQI2g","Language":false,"TypeRestrictions":[],"CountryRestrictions":[],"CustomSkins":{}}};
VIPRE Security Group, a brand of Ziff Davis, released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats.” The 2024 predictions for email security in this report are based on an analysis of more than 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious.
This research warns that in 2024, QR code hacks or quishing will increase, use of AI to create content for spam emails including deepfakes will rise; highly personalised social media mining will grow further; and a wide array of file types and formats – especially EML – will be used to propagate phishing and malware attacks. There will also be a marked uptick in state-sponsored attacks.
Key highlights As network security tools have improved in recent years, the corporate inbox has become an ever more attractive target to attackers. Often protected by nothing more than human nature and an antivirus, cybercriminals continue to use email to launch their most basic and persistent attacks. Now and again, they get a bit creative, which has come to bear in the past twelve months.
Clean links are duping users. When it comes to the method of attack, threat actors this past year favored links over other delivery methods (like attachments and QR codes) nearly seven to one (71%). The year before, VIPRE saw a 50/50 split, but their popularity is improving as attackers are getting smarter about what kinds of links they leverage. Based on this current trend, the use of such links are expected to increase this year, although not in the ways we might assume.
EML attachments defy detection. While EML attachments were a present threat throughout 2023, they increased tenfold in Q4. The benefit of sending malicious payloads via EML file is that they can get easily overlooked by many basic email security solutions when attached to the actual phishing email (which comes out clean). The malicious directions, hidden in plaintext within the body of the EML, may then encourage users to navigate to a link, call a phone number, or otherwise engage in a scam. Partly because of the novelty of EML use, curious users are prone to open, follow, and fall prey.
Browsers under attack. Q4’s top malware family, AgentTesla, infiltrates a target machine and harvests sensitive data off any number of qualifying browsers. This shows that attackers are launching malware merely for reconnaissance now, as valuable artifacts like username, computer name, operating system, CPU name, RAM, and IP address may fetch more on the Dark Web than they could garner in a one-off attack.
Malware skyrockets – still not top spot. Email-delivered malware remains a favorite, increasing by 276% between January and December of last year. However, despite the boost, it accounted for only 5% of malspam overall, trailing commercial spam (“Deal Ends Now!”), general scams, and phishing. Perhaps threat actors have found that it’s easier to trick end users than security solutions, which do manage to snag malware despite falling behind in emerging tactics like social engineering attacks. Consequently, numbers are low. The real weak link remains humans, as the prevalence of social engineering attacks will attest; of all spam emails, 35% were scams, and 22% were phishing attempts.
Targeted verticals. Financial services (22%) was the most targeted sector by phishing and malspam emails, followed by information technology (14%), healthcare (14%), education (10%), and government (8%). Information technology experienced a 59% increase in attacks between Q1 and Q4, whilst attacks on government inboxes went up by a staggering 16,000%.
“When you take a look at the kinds of [email] threats we’re seeing today, a lot of them are preventable. It just takes the right tools, but most companies don’t know they exist because email doesn’t always get the same kind of security attention as the rest of the network. Unfortunately, threat actors know this,” said Usman Choudhary, general manager, VIPRE Security Group.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
We use cookies to optimize our website and our service.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
var elementorFrontendConfig = {"environmentMode":{"edit":false,"wpPreview":false,"isScriptDebug":false},"i18n":{"shareOnFacebook":"Share on Facebook","shareOnTwitter":"Share on Twitter","pinIt":"Pin it","download":"Download","downloadImage":"Download image","fullscreen":"Fullscreen","zoom":"Zoom","share":"Share","playVideo":"Play Video","previous":"Previous","next":"Next","close":"Close","a11yCarouselPrevSlideMessage":"Previous slide","a11yCarouselNextSlideMessage":"Next slide","a11yCarouselFirstSlideMessage":"This is the first slide","a11yCarouselLastSlideMessage":"This is the last slide","a11yCarouselPaginationBulletMessage":"Go to slide"},"is_rtl":false,"breakpoints":{"xs":0,"sm":480,"md":768,"lg":1025,"xl":1440,"xxl":1600},"responsive":{"breakpoints":{"mobile":{"label":"Mobile Portrait","value":767,"default_value":767,"direction":"max","is_enabled":true},"mobile_extra":{"label":"Mobile Landscape","value":880,"default_value":880,"direction":"max","is_enabled":false},"tablet":{"label":"Tablet Portrait","value":1024,"default_value":1024,"direction":"max","is_enabled":true},"tablet_extra":{"label":"Tablet Landscape","value":1200,"default_value":1200,"direction":"max","is_enabled":false},"laptop":{"label":"Laptop","value":1366,"default_value":1366,"direction":"max","is_enabled":false},"widescreen":{"label":"Widescreen","value":2400,"default_value":2400,"direction":"min","is_enabled":false}},"hasCustomBreakpoints":false},"version":"3.29.1","is_static":false,"experimentalFeatures":{"e_font_icon_svg":true,"additional_custom_breakpoints":true,"e_optimized_markup":true,"e_local_google_fonts":true,"theme_builder_v2":true,"landing-pages":true,"editor_v2":true,"home_screen":true,"cloud-library":true,"e_opt_in_v4_page":true},"urls":{"assets":"https:\/\/emailexpert.com\/wp-content\/plugins\/elementor\/assets\/","ajaxurl":"https:\/\/emailexpert.com\/wp-admin\/admin-ajax.php","uploadUrl":"https:\/\/emailexpert.com\/wp-content\/uploads"},"nonces":{"floatingButtonsClickTracking":"d95e537ad0"},"swiperClass":"swiper","settings":{"page":[],"editorPreferences":[]},"kit":{"active_breakpoints":["viewport_mobile","viewport_tablet"],"global_image_lightbox":"yes","lightbox_enable_fullscreen":"yes","lightbox_enable_zoom":"yes","lightbox_title_src":"title","lightbox_description_src":"description","woocommerce_notices_elements":[]},"post":{"id":29800,"title":"Email%20Security%20in%202024%3A%20An%20Expert%20Look%20at%20Email-Based%20Threats%20%C2%BB%20emailexpert","excerpt":"","featuredImage":"https:\/\/emailexpert.com\/wp-content\/uploads\/2024\/02\/img-5-1024x576.png"}};
var wc_order_attribution = {"params":{"lifetime":1.0e-5,"session":30,"base64":false,"ajaxurl":"https:\/\/emailexpert.com\/wp-admin\/admin-ajax.php","prefix":"wc_order_attribution_","allowTracking":true},"fields":{"source_type":"current.typ","referrer":"current_add.rf","utm_campaign":"current.cmp","utm_source":"current.src","utm_medium":"current.mdm","utm_content":"current.cnt","utm_id":"current.id","utm_term":"current.trm","utm_source_platform":"current.plt","utm_creative_format":"current.fmt","utm_marketing_tactic":"current.tct","session_entry":"current_add.ep","session_start_time":"current_add.fd","session_pages":"session.pgs","session_count":"udata.vst","user_agent":"udata.uag"}};
var wc_cart_fragments_params = {"ajax_url":"\/wp-admin\/admin-ajax.php","wc_ajax_url":"\/?wc-ajax=%%endpoint%%","cart_hash_key":"wc_cart_hash_599f4bb86163e70d6e64c10a3b27c2a0","fragment_name":"wc_fragments_599f4bb86163e70d6e64c10a3b27c2a0","request_timeout":"5000"};
var ElementorProFrontendConfig = {"ajaxurl":"https:\/\/emailexpert.com\/wp-admin\/admin-ajax.php","nonce":"5587dee489","urls":{"assets":"https:\/\/emailexpert.com\/wp-content\/plugins\/elementor-pro\/assets\/","rest":"https:\/\/emailexpert.com\/wp-json\/"},"settings":{"lazy_load_background_images":false},"popup":{"hasPopUps":true},"shareButtonsNetworks":{"facebook":{"title":"Facebook","has_counter":true},"twitter":{"title":"Twitter"},"linkedin":{"title":"LinkedIn","has_counter":true},"pinterest":{"title":"Pinterest","has_counter":true},"reddit":{"title":"Reddit","has_counter":true},"vk":{"title":"VK","has_counter":true},"odnoklassniki":{"title":"OK","has_counter":true},"tumblr":{"title":"Tumblr"},"digg":{"title":"Digg"},"skype":{"title":"Skype"},"stumbleupon":{"title":"StumbleUpon","has_counter":true},"mix":{"title":"Mix"},"telegram":{"title":"Telegram"},"pocket":{"title":"Pocket","has_counter":true},"xing":{"title":"XING","has_counter":true},"whatsapp":{"title":"WhatsApp"},"email":{"title":"Email"},"print":{"title":"Print"},"x-twitter":{"title":"X"},"threads":{"title":"Threads"}},"woocommerce":{"menu_cart":{"cart_page_url":"https:\/\/emailexpert.com\/cart\/","checkout_page_url":"https:\/\/emailexpert.com\/checkout\/","fragments_nonce":"1b0de6d697"}},"facebook_sdk":{"lang":"en_US","app_id":""},"lottie":{"defaultAnimationUrl":"https:\/\/emailexpert.com\/wp-content\/plugins\/elementor-pro\/modules\/lottie\/assets\/animations\/default.json"}};
