- Security outfit VIPRE processed 7.2 billion emails to deliver a scathing report
- It found 90% of emails sent are classified as spam, with the US topping the spam senders list
- Rising threats for 2025 include QR code phishing and adoption of deepfakes
VIPRE processed 7.2 billion emails in 2024 and uncovered a staggering 858 million instances of spam, with the majority flagged due to content (437 million) or the links inside (411.62 million).
The security firm’s latest email threat analysis research also revealed over 90% of all emails identified as spam included unsolicited commercial messages and malicious phishing attempts which attempt to evade secure email provider filtering.
VIPRE found the US is the leading source of spam emails, followed by the UK, with countries like Switzerland and Sweden also among the top senders.
The rise of malspam and phishing
The digital age has brought an overwhelming deluge of email spam; other recent research claims businesses reportedly received 20 billion spam emails in 2024.
Malspam, or malicious spam, continues to be a significant threat, and attackers are known to switch up their attack methods.
In Q1 2024, 78% of malspam used attachments, while Q2 saw a shift to 86% using links. By Q4, attachments had regained prominence, with PDF, DOCX, and XLSX files being the most common carriers of malware.
Links remained the most common phishing tool, with URL redirection accounting for 51% of phishing attempts. QR codes emerged as a new attack technique, with their usage in phishing emails rose from 1% in Q1 to 12% in Q4.
VIPRE’s report encourages vigilance against emails purportedly coming from CEOs and top business executives; the firm found 70% of all scam emails use this format. Such spam emails primarily target the manufacturing sector (32%), energy (9%), retail (8%), health (5%), and government (4%). Microsoft remained the most spoofed brand with the likes of DocuSign, Apple, and Google also topping the list.
To combat these evolving threats, organizations must adopt a multi-layered approach to email security. Implementing email authentication protocols like SPF, DKIM, and DMARC can help prevent spoofing and impersonation while investing in AI-powered detection tools can provide real-time protection against emerging threats.
In addition, enforcing multi-factor authentication (MFA) via authenticator apps adds an additional layer of security, while continuous user education is essential for identifying phishing attempts.
On the backend, behavioral analysis and endpoint protection systems should also be deployed to detect and block suspicious messages and malware.
“This annual email landscape analysis provides valuable insight into the cybersecurity threats that will challenge businesses in 2025,” said Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group.
“To counter the increasingly automated and AI-enhanced email-based threats, organisations need to implement robust email security technologies and foster a culture of highly vigilant security awareness among employees, in equal measure. This dual approach presents the most realistic and effective approach to surmount the ever-advancing and difficult-to-spot email-based threats.”
You may also like
Services Marketplace – Listings, Bookings & Reviews