Threat Actors Increasing Reliance on Email to Launch Attacks
Email has long been a preferred attack method for threat actors, and the rise of generative AI, which makes phishing scams harder to identify, is causing an increase in email attacks.
The average organization saw email-based threats increase by 25% from 2023 to the first half of 2024, with the most targeted industries being manufacturing, finance and law firms. Large enterprises are hit the hardest, reporting three times as many email-based attacks as small and medium businesses (SMBs).
Cybercriminals are also targeting non-profit organizations, with a 35% increase in email attacks reported over the past year. Threat actors take advantage of smaller cybersecurity budgets and limited resources to gain access to these organizations' databases. The treasure trove of data—from donors’ personal information to financial transactions—makes it worth the effort for the cyber thieves.
What Drives the Success of Email Attacks?
Phishing is by far the most popular attack style used in email. These emails, disguised as legitimate communication from trustworthy sources, make up a third of all malicious email messages. Phishing attacks have jumped by more than 50% over the past year, an increase driven by the use of AI.
Generative AI has made it easier for threat actors to build a flawless phishing email. Gone are the obvious spelling mistakes and poor grammar. It’s even become more difficult to detect a malicious link or attachment as AI has cleaned those up to look more legitimate.
Fake emails also include more targeted and specific information than ever. Credential theft gives cybercriminals access to high-level accounts. You may get an email from an account that you know—your co-worker, your boss, your lawyer—and everything looks legitimate. The email is filtered into the correct folder, and it includes information that is typical in your communications. Even the most security-aware person can end up launching malware because the phishing email appears flawless.
There is some good news: research shows that even as email threats increase, detection is getting better. While threat actors use generative AI tools to build more convincing brand impersonations, research also found that security tools, often using AI, are doing a better job of identifying email attacks and putting them into spam folders before they can do damage.
Fight Back Against Email Scams
Staying safe from email attacks requires more vigilance than ever before. Security awareness training is vital, teaching users both how to spot phishing emails and what actions to take when they can’t confidently determine if an email is safe. Adding tools like advanced spam filters and anti-phishing technology will improve detection and keep unwanted and malicious emails away from the inbox.
Threat actors use email attacks because they work. As AI tools improve, the attacks will become even more difficult to detect. Users can no longer be sure they will recognize phishing or assume an email is legitimate. Email safety comes down to good education and good engagement with the security team. And with an email, if you aren’t sure, ask the sender. Just use a new email message to do it so you aren’t starting a conversation with the cybercriminal!