These are the most common types of phishing emails reaching your inbox

One kind of phishing attack is much better at beating security defences than the rest, warns new research.
Written by Danny Palmer, Senior Writer

The number of phishing attacks targeting email users is on the rise, but there's one version of this threat that appears to be making its way into inboxes more than others.

A survey by cybersecurity company GreatHorn reveals that information-security professionals say the number of threats evading email defences has increased by 25% over the last year, with half of email users now seeing malicious messages arriving in their inbox every week.

The most common type of threat which reaches inboxes is people impersonations, which account for 45% of messages.

These messages are often the result of attackers knowing about a business to the extent they know the name of its CEO, boss, or staff. Initially, such messages often don't have the tell-tale signs of being a threat -- like suspicious links and attachments -- which means they more easily bypass companies' email defences.

Attempted credential theft is the second most prevalent threat, where messages attempt to trick victims into handing over usernames, passwords, financial information, and other data, to hackers. They account for 27% of malicious messages that reach inboxes.

Wire transfer requests -- emails that claim a payment needs to be made -- account for 25% of malicious messages which users see, while business spoofing messages made it to the inboxes of 23% of those surveyed.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Meanwhile, 21% of users say they've seen emails containing malicious attachments reach their inboxes, rather than being intercepted by security defences.

In each of the cases, the phishing emails could potentially lead to a cyber-attack or a data breach.

"Employees -- particularly non-technical professionals -- overestimate the efficacy of their workplace's email security strategy," said GreatHorn CEO Kevin O'Brien.

"There is an alarming sense of complacency at enterprises at the same time that cybercriminals have increased the volume and sophistication of their email attacks. Businesses must protect themselves at every point of the email lifecycle, including post-delivery, to adequately protect themselves from modern spear phishing and social engineering attempts," he added.

To counter the growing threat, GreatHorn's 2019 Email Security Trends, Challenges, and Benchmark Survey Report recommends that IT teams should be vigilant when it comes to email security and ensure that users are trained in recognizing potential threats -- as people can be trained to become one of the top defences against such attacks.


Editorial standards