A recent report from VIPRE highlights the alarming increase in phishing emails and spam emails in the second quarter of 2023. According to the report, a staggering 85% of phishing emails utilized malicious links within the email content, indicating the growing sophistication of cybercriminals.
Additionally, there was a significant 30% increase in spam emails from Q1 to Q2 2023, further emphasizing the prevalence and evolving tactics of email-based attacks. VIPRE’s analysis also revealed that information technology organizations surpassed financial institutions as the most targeted sector for phishing attacks in Q2.
One notable finding in the report was the emergence of a new macro-less malspam email campaign. These emails were designed to bypass the security warnings added to Microsoft Office programs in response to traditional macro malware. By utilizing a spoof “.docx” file, the attacker tricked victims into opening the file, which then directed them to a malicious external resource page.
The report also uncovered a previously unknown malspam email campaign that exploited the CVE-2022-30190 vulnerability, also known as “Follina.” This vulnerability allowed cybercriminals to execute remote code on the victim’s system by leveraging the Microsoft Support Diagnostic Tool (MSDT).
Furthermore, VIPRE detected that 58% of the nearly 230 million malicious emails in Q2 utilized nefarious content. Around 42% of these emails contained malicious links, while 90,000 malicious attachments were identified through behavioral-driven monitoring.
The prevalence of malicious content in phishing emails can be attributed to the increased awareness among users about regular phishing links or attachments. Cybercriminals have adapted their tactics by using content that tricks victims into taking specific actions, such as approving or submitting payments. This method is more challenging to detect, as users are less likely to suspect any wrongdoing.
The efficacy of malicious content explains why 48% of scam emails in Q2 were categorized as Business Email Compromise (BEC) scams. These scams heavily rely on content manipulation rather than links or attachments.
Interestingly, the report revealed a significant shift in the top email threat attack targets from Q1 to Q2. Financial institutions, which were targeted at a rate of 25% in the first quarter, dramatically dropped to just 9% in the second quarter. This decline can be attributed to the increased investment by financial institutions in preventive measures against cyberattacks, resulting in a lower success rate for cybercriminals.
Another concerning finding from the report was the increasing use of QR codes as a primary attack method in phishing emails. Cybercriminals exploited QR codes to divert users to phishing pages and bypass traditional email-based attack techniques. This shift suggests that users are becoming more aware of malicious links or attachments, forcing threat actors to resort to unconventional methods.
While it is worth noting that 67% of spam emails originated in the United States, cybercriminals often obfuscate their location to avoid detection. This highlights the global and widespread nature of these email-based attacks.
In response to these growing threats, Usman Choudhary, the Chief Product and Technology Officer at VIPRE, emphasized the importance of proper analysis and research in understanding the email threat landscape. VIPRE utilized their extensive experience and data from a diverse set of customer environments to provide accurate and actionable insights into email-based threats.
Overall, the VIPRE report paints a concerning picture of the evolving tactics and increasing prevalence of phishing and spam emails. Organizations and individuals must remain vigilant in identifying and preventing these email-based attacks to protect sensitive information and assets.