What’s the most dangerous thing you do every day at your computer or smartphone? For most people, I would argue, the answer is checking your emails. It’s why the likes of Microsoft have introduced strict new email rules for Outlook users, following in the footsteps of Google doing likewise for those using Gmail. I mean, it’s not surprising given that attackers use email as a conduit to password and 2FA code theft, and the FBI is now warning people not to click on anything. Now a shocking new report has revealed the true extent to which the communication threat extends, with a staggering 30 malicious emails a day arriving on average.
400 Million Dangerous Emails – 30 Threats Every Day In Your Inbox
On March 15, I reported that threat analysts working at Hornet Security had confirmed its customers were subject to an astonishing 427.8 million dangerous emails during 2024 alone. And that’s just one security organization reporting on its own customer base.
The latest Barracuda email threats report, published April 28, doesn’t paint a brighter picture, truth be told. If anything, the new analysis just brings the risk your emails present into a brighter light to illuminate the darkness of the email threat landscape.
The key takeaways from the report highlight the problem by the numbers:
- 23% of all HTML email attachments are malicious. These represent, Barracuda said, the “most weaponized text file type.” Indeed, it would appear that more than 75% of all malicious files detected were of the HTML type.
- 68% of malicious PDF attachments contain deceptive QR codes linking to phishing sites. 12% of these involve extortion scams.
- 83% of malicious Microsoft documents contain the same.
- 47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance configured to protect against spoofing and impersonation attacks.
- 24% of email messages overall are now malicious or unwanted spam.
Given that, on average, an individual receives some 121 emails each and every day, that equates to around 30 dangerous emails that you need to protect against.
Mitigating The Dangerous Emails Threatscape
“Malicious email attachments, QR codes and URLs are used by attackers to distribute malware, launch phishing campaigns and exploit vulnerabilities,” Olesia Klevchuk, product marketing director for email protection at Barracuda, said. The failure of organisations to implement DMARC protections, which would otherwise make it much harder for attackers to impersonate their brand and implement fraudulent attacks using malicious emails, isn’t helping. “Organizations need to mitigate the risks by implementing best practice industry standards and adopting a multi-layered approach to email security,” Klevchuk concluded, “leveraging AI-driven threat detection to spot attacks hidden in attachments and malicious websites.”
