Skip to main content

Millions of malicious emails missed by security filters

(Image credit: Image source: Shutterstock/kpatyhka)

Email scanning solutions tasked with filtering out spam, phishing and malware-laden messages are not 100 percent effective. In fact, one in every seven inboxes (opens in new tab) currently has at least one malicious email sitting inside.

This is according to a new report from cybersecurity firm Barracuda, based on data pulled from its Email Threat Scanner. The company said that 4,550 organizations used the tool to scan more than 2.6 million unique messages last year, finding approximately 2.03 million unique attacks.

On average, each organization suffered approximately 512 attacks, while in 14 percent of cases the attacks were still sitting in the inbox at the time of the analysis.

Barracuda says that while scamming, extortion and business email compromise (BEC) pose a significant threat, phishing emails are the most common form of attack. Of all the malicious emails that made it past cybersecurity filters, phishing emails took up 59 percent and scams accounted for 39 percent.

Extortion and BEC were less prevalent, likely because these types of attacks are usually highly personalized and therefore smaller in scale.

“As these numbers show, traditional email gateways (opens in new tab) are not enough. Customers should also use API-based inbox defenses to maximize their protection,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection at Barracuda.

The best way to defend against phishing attacks is to always doublecheck the sender's address and make sure not to click links or download attachments unless certain they are clean. If possible, it is recommended that users double-check with the email sender through different channels (phone or social media, for example).

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.