Three billion email-based phishing attacks are sent every day

31 Jul 2024, by Slade Baylis

As mentioned last month in our cybersecurity update, with the ever-increasing threat of identity-based attacks, it’s more important than ever to protect yourself and your business from this type of attack. Whilst the ultimate defence against phishing attacks is training staff to avoid falling for these scams by knowing what warning signs to look out for, a close second is the use of tools to help prevent them from even reaching your staff in the first place.

However, doing all this is more difficult than it sounds, as the different avenues that these attacks can come from is always dynamic and expanding. For example, phishing attacks sent via SMS, referred to as “smishing”, have now become almost ubiquitous, and AI language models are now being used to craft complex and targeted phishing messages, not to mention that AI voice-cloning enabled voice-based phishing is seemingly just around the corner!

With the probability of any attack succeeding dramatically increasing with the number attacks that you receive, any tool that can be used to fight back will be a necessary part of the toolkit needed to protect yourself.  That’s why this month we’ll be covering why spam email-filtering services are an important arrow to have in your quiver to keep you and your organisation safe.

First, what is phishing?

As the name implies via its connections to the word “fishing”, phishing attacks are meant to lure their victims into providing details that they shouldn’t have, via attempting to trick them.  To this end, they will pose as otherwise legitimate services, use various techniques to trick or stress out their target into making a hasty decision, as well as even threaten their victim with bills, fines, and even imprisonment for non-compliance!

For those interested in more details, we’ve covered the history and many different types of phishing attacks in our previous Deep Dive – What is phishing, where did it come from, and how can you avoid it? article.

Email-based phishing is still the largest attack-vector

It shouldn’t come as much of a surprise that email-based attacks still remain one of the most common attack-vectors, as they were one of the first ways that these attacks got their footing initially.  Not only that, but unfortunately, they work!  As reported by Verizon¹ in their 2023 Data Breach Investigations Report, human error was responsible for 74% of all data breaches!

That’s not the only reason to be worried about identity-based attacks though - the sheer volume of them should also be concerning us.   As reported by ZDNet², the email security company Valimail noted that of all the emails sent every day, around one percent of them were spoofing messages.  In total, this amounts to over three billion spoofing messages every single day!

So, with the high success rate and the sheer overwhelming number of attacks, you’d think that we’d be excused for thinking surely there isn’t any way that this could become even more concerning?  Well, unfortunately, that’s not the case either, as the development and proliferation of language-model AI tools is allowing bad-actors to improve their odds even further.  As reported by CrowdStrike³, cybercriminals are now using their own variants of AI tools, similar to ChatGPT, to dramatically improve the language and grammar within their malicious emails, meaning they’re even more likely to succeed.

It’s for all these reasons that all organisations will need to rely on email security services to help sort the wheat from the chaff, detecting and preventing the receipt of spam that could otherwise be imperceptibly different than the real thing.

The importance of email security services and appliances

Whilst email spam filters were initially created primarily as a way of preventing unsolicited emails, their role in the security space has always been important.  The harm done by a single unsolicited marketing email is much less than a single malicious email containing malware, however, the work that goes into recognising the former can also allow you to observe patterns that are useful in preventing the latter.

It’s for this reason that using some form of spam-filtering has become a default inclusion for basically all email services, no matter which provider you’re with.  However, the level and quality of the protection you receive will vary based on the type of spam filter, and the technology that’s used.

For example, with our own Shared Web Hosting platform, all of our hosting accounts come with basic email hosting that allows our users to create and manage email accounts for their business.  With this service, basic email filtering is included that uses public and open-source technologies to attempt to detect and prevent spam from coming through, allowing users to set their own thresholds and settings to reduce the chances of false-positives.

However, for those that require even further protection, more advanced email spam filtering services do exist - either provided as dedicated physical appliances that are purpose-built to detect spam, or as cloud-based services that are also built to do the same.  Here are Micron21, our enterprise-grade email spam filtering service utilises Cisco, an industry-leading technology company, as well as Ironport appliances that provide the highest level of protection, not only for ourselves, but also for our clients.  This service is able to dramatically reduce the likelihood of spam arriving within the mailboxes of our users, without the high false-positive rate of some other solutions.

External third-party SaaS (Software as a Service) solutions are also growing in popularity.  These services aim to solve the spam problem by allowing users to have their emails sent to and filtered on their servers, before finally being delivered to their own email accounts.  Solutions like SpamTitan, Barracuda, and Proofpoint are all examples of this sort of solution that’s been growing in popularity.

However, there are important things, related to security and data sovereignty, that one needs to keep in mind with these sorts of third-party SaaS solutions. This is because all these services require that you have your emails go through their service prior to you receiving your email, so you’ll want to be sure that you trust the provider that you end up choosing – both from a security perspective and also a privacy one.

If they’re offering a free tier that seems too good to be true, it’s especially important to read their terms and conditions closely to make sure there is nothing objectionable.  With growing concerns by many about client data being used and sold to third-parties for marketing purposes, it could be that your own private information is effectively being used to pay for your “free” service.

In any case, and whatever tool you end up using, these email spam filtering services are definitely an important tool for keeping yourself secure. With identity-based attacks growing in their sophistication, it’s going to become harder and harder for people to detect it without the help of dedicated email security services.

Have any questions about email filtering services or phishing?

We have tools that can train and test your team’s capability in response to phishing. If you’re looking to find out more, either about the different email filtering options that are out there, or about other ways to increase your security posture, let us know!

We’re more than happy to discuss your requirements and provide advice on the different things you can do to protect yourself.  Feel free to reach out to us on 1300 769 972 (Option #1) or email us at sales@micron21.com.

Source

1, Verizon, “2023 Data Breach Investigations Report”, <https://www.verizon.com/business/resources/reports/dbir/2023/summary-of-findings/>
2, ZDNet, “Three billion phishing emails are sent every day. But one change could make life much harder for scammers”, <https://www.zdnet.com/article/three-billion-phishing-emails-are-sent-every-day-but-one-change-could-make-life-much-harder-for-scammers/>
3, Crowdstrike, “CrowdStrike 2024 Global Threat Report: Adversaries Gain Speed and Stealth”, <https://www.crowdstrike.com/blog/crowdstrike-2024-global-threat-report/>”