A report from VIPRE Security Group reveals that in 2024, 9 out of 10 emails were categorized as spam, highlighting the overwhelming amount of unwanted and potentially harmful messages flooding inboxes. The analysis covered 7.2 billion emails globally, with 37% classified as commercial spam, 32% as scam emails, and 21% as phishing attempts. Despite efforts to combat these issues, the report underscores how challenging it remains for both individuals and businesses to avoid these threats.
The report also details the rise of AI-driven phishing campaigns, making it easier for attackers to craft highly convincing business email compromise (BEC) messages. These campaigns are tailored to sound like legitimate senders, making them harder to spot. Notably, phishing emails often contain links (70%), with attachments and QR codes also emerging as common delivery methods for malware. Cybercriminals continued to use URL redirection as the top tactic for deploying phishing links, reflecting the increasing sophistication of these attacks.
Infostealers and remote access trojans (RATs) were identified as the most prevalent types of malware encountered during 2024.
These malicious programs are designed to steal sensitive information or provide remote control over infected systems. The report pointed out that all identified malware was Windows-based, with notable examples such as Stealc, Lumma, and AgentTesla. As threats evolve, the malware landscape becomes more tailored and persistent, aiming to gather valuable data or deploy ransomware.
The study also emphasized the rise of social engineering tactics like impersonation, particularly through BEC scams. Cybercriminals frequently impersonated CEOs and other executives in 74% of cases, capitalizing on the trust that comes with these roles. The manufacturing sector was the most targeted industry, while Microsoft remained the most spoofed brand throughout the year. Experts advise organizations to invest in robust email security technologies and foster a culture of security awareness to effectively counter these AI-driven and increasingly sophisticated email threats.
