5 latest email threats and what to do about them

minute read

Last Updated October 24, 2023

Category Cloud hosting

5 Latest Email Threats and What to Do About Them


Did you know that 80% of security threats start with an email? This means that email security threats are threatening your sensitive (read: client!) information—right at this very moment.

As such, protecting your email must be one of your top security goals. Unfortunately, fully managing email security on your own has become an impossibility.

As AI matures and threats become more complex, it’s becoming difficult for even seasoned employees to avoid acting on dangerous emails.

Just how tricky have email security threats become?

To see how challenging it’s becoming to avoid email threats, let’s look back at some examples from the first half of 2023.

No. 1: Credential-stealing phishing emails increased by 85%

One Q2 study, released in July 2023, shows that credential phishing activity increased 85% over Q2 of 2023 compared to Q2 of 2022.

Source: 2023 Cofense Phishing Intelligence Trends Review: Q2

With credential phishing, attackers use compromised accounts to ensure their malicious emails are delivered, as they are using legitimate domains.

No. 2: Chinese hackers infiltrate email systems

Also in July, Microsoft reported that customer email systems had been infiltrated by Chinese hackers. The victims of this espionage activity included US federal agencies.

No. 3: Bad actors pose as a consumer survey to steal credit card info

Consumer Affairs and Trend Micro also identified in July that consumer surveys are being used to steal customer information, including credit card info.

No. 4: Business email compromise proves compromising

In June, Bleeping Computer covered the current state of business email compromise (BEC), naming false invoicing, attorney impersonation and CEO fraud as some of the tactics used to trick employees into taking dangerous actions.

Note that these techniques often involve research about recipients and are meant to be highly personalized.

No. 5: One in four emails are part of a phishing campaign

According to Vipre’s Email Threat Trends Q1 2023 report, vendor impersonation threats were common over the first quarter of 2023, with one in every four emails being part of a phishing campaign.

These campaigns often involved vendors consumers knew about or were using solutions from.

Microsoft was the most-impersonated vendor in Q1 of 2023, with attackers using malicious links and attachments to gain access to data.

The report also notes the use of emails containing malicious Microsoft OneNote attachments as an attack technique.

How to protect yourself from email security threats

These threats contain a level of sophistication, targeting the victims and appearing to come from legitimate vendors.

So, what should you do to protect your firm or small business from these proliferating email threats?  

If you don’t have an internal security team, you should choose a trusted partner to deliver comprehensive email security to you.

Whether internal or external—your email security must have the following four capabilities:

  1. Advanced threat blocking: Threat actors go deep. Your protection should do the same. Ensure your service has spam filters, and also blocks phishing, spoofing, BEC along with other, more advanced threats.

    Results are based on 7,500 working adults and 1,050 IT security professionals across 15 countries. Proofpoint, 2023 State of the Phish
  2. Ongoing monitoring: Automated, AI-driven monitoring is a must-have. But if you belong to a smaller firm or business, you also need to know who to call if you have an email security concern. Your security provider should also be able to tell you about any potential threats, and if an email you receive is safe to open or click.
  3. Account takeover protection: Make sure your service monitors your account for malicious activity. (The last thing you want is someone taking over your email…then sending nefarious communications to clients and customers.)
  4. Dedicated backup: While your email provider may replicate your data, this isn’t the same as having a dedicated, third-party backup solution. Make sure your provider has granular backups immediately available to your business, should you ever need them.

Guard against every type of email security threat

Ready to get protected? We can help.

Last quarter, we blocked over 100,000 threats for our Managed Security and Managed Microsoft 365 solution customers.

To learn more, visit us online or schedule a call.

Recommended next

How Managed Service Partners Help Secure Microsoft 365

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.