Skip to main content

Millions of malicious emails missed by security filters

(Image credit: Image source: Shutterstock/kpatyhka)

Email scanning solutions tasked with filtering out spam, phishing and malware-laden messages are not 100 percent effective. In fact, one in every seven inboxes currently has at least one malicious email sitting inside.

This is according to a new report from cybersecurity firm Barracuda, based on data pulled from its Email Threat Scanner. The company said that 4,550 organizations used the tool to scan more than 2.6 million unique messages last year, finding approximately 2.03 million unique attacks.

On average, each organization suffered approximately 512 attacks, while in 14 percent of cases the attacks were still sitting in the inbox at the time of the analysis.

Barracuda says that while scamming, extortion and business email compromise (BEC) pose a significant threat, phishing emails are the most common form of attack. Of all the malicious emails that made it past cybersecurity filters, phishing emails took up 59 percent and scams accounted for 39 percent.

Extortion and BEC were less prevalent, likely because these types of attacks are usually highly personalized and therefore smaller in scale.

“As these numbers show, traditional email gateways are not enough. Customers should also use API-based inbox defenses to maximize their protection,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection at Barracuda.

The best way to defend against phishing attacks is to always doublecheck the sender's address and make sure not to click links or download attachments unless certain they are clean. If possible, it is recommended that users double-check with the email sender through different channels (phone or social media, for example).