Most emails received by companies are deemed spam or malicious, according to a new study by FireEye. In addition, only 32% are judged clean enough to make it into an inbox.
FireEye examined over a half billion emails between January and June of this year, and found that 58% were blocked by threat intelligence and 10% halted by attack protection tactics such as attachment detonation and URL inspection.
Of the blocked emails, 90% were suspected malware-less impersonations, CEO fraud, whaling, spear phishing or W2 scams, it reports. Phishing attacks made up 81% of the malware-less attacks.
The remainder contained malware viruses, ransomware, worms, Trojan horses and spyware.
However, only one of 101 emails seen in the sample data set had malicious intent.
A spike in email scams occurred during the April tax period.
Impersonation attacks have largely shifted from domain name spoofing towards friendly domain name scams. In these, an email address is spoofed to impersonate a trusted source.
“This shift in tactics may be driven by how easily cyber criminals can spoof the display name and username portion of an email header,” the study states. “Instead of having to go through the process of buying and registering a domain similar to or one that sounds like the recipient’s domain, they can simply change the display/user name.”
Malware-less attacks are most likely to it on Thursdays, and impersonation spam on Fridays. Weekends are dominated by malware-less emails.
“Not only is email the most pervasive form of communication, it is also the most popular vector for cyber attacks,” states Ken Bagnall, vice president of email security at FireEye.
He adds, “From malware to malware-less attacks including impersonation attacks like CEO fraud, a single malicious email can cause significant brand damage and financial losses.”