New Symantec Report: 1 in 9 Email Users Encountering Malware
Today, Symantec published new findings on the email threat landscape indicating a continued increase of malware
encounters. The report may also serve as helpful information for future stories on the topic.
Email is everywhere and cyber attackers are taking advantage. For example, we’ve seen a fake Google Docs phishing scam
spread across the world earlier this year. Symantec’s ISTR special report outlines how email users are vulnerable to a variety of threats.
Key findings in the Email Threats 2017 paper include:
•Email is the most commonly used infection vector.
• On average, one out of every nine email users have encountered malware in the first half of 2017.
• Approximately 8,000 businesses each month are targeted by Business Email Compromise (BEC) scams. A targeted organisation is sent five BEC emails in a given month.
• The spam rate for the first half of 2017 reached 54 percent (after bottoming out over the last two years), and
is expected to continue to climb as the year progresses.
Users encounter threats through email twice as often as other infection vector
Summary: The latest ISTR special report, Email Threats 2017, casts a light on a threat landscape where attackers are
actively spreading malicious threats, BEC scams, and a variety of spam through email.
In our latest ISTR special report, Email Threats 2017, we describe how people are more than twice as likely to encounter
threats through email than any other infection vector. In fact, one out of every nine email users will have had a
malicious email sent to them in the first half of 2017. And the likelihood rises further depending on which industry the
user works in. For instance, if the user is in Wholesale Trade, as they likely would in the scenario outlined above,
that ratio climbs to one out of every four users.
But email with malicious code isn’t the only threat out there. Business email compromise (BEC) scams are another
continuing threat. These are scenarios where a scammer impersonates someone along the lines of an executive within your
company, or another person of power within the supply or administrative chains, and attempts to get users to wire money
or share sensitive information with them.
It’s an attack that’s proven quite lucrative for scammers—the FBI estimates over US$5 billion has been stolen through
these scams between late 2013 and the end of 2016. According to our latest analysis, we see approximately 8,000
businesses targeted by BEC scams in a given month. On average these businesses receive more than five BEC scam emails
each month.
Spam also continues to be an email annoyance as well. While the spam rate has been in a slow but steady decline since
2011, our latest research has discovered that the spam rate may have bottomed out and is now beginning to climb again.
In fact, the spam rate for the first half of 2017 hit 54 percent, which equates to around 11 more spam emails in your
inbox each month compared to a year ago.
Once again, these rates are much higher in some industries. For instance, our friends in the Wholesale Trade industry
can see twice as much spam as the average user would. But they’re not alone, as other industries, such as Manufacturing,
Retail Trade, Construction, and Mining — all industries that can also be targeted by campaigns such as the one above —
saw spam rates that were all 1.5 times above the average.
Email is one of the most popular tools for communication, but this ubiquity has also made it a hotbed full of scammers
looking to wreak havoc. These are just a few of the insights uncovered in our latest ISTR special report. You can
download your copy of Email Threats 2017 now to read about more risks on the email threat landscape and what you can do
about it.
ENDS