Email Threats: One-Quarter Of Malicious Messages Pass Through Security

A new report from security experts found the security systems of top email services regularly allow malicious emails through the cracks, putting users at risk of being infected or compromised.

The data comes courtesy of Mimecast, an email and data security company that publishes a quarterly report on the state of email security. The most recent Email Security Risk Assessment report found more than one in four emails that pass through existing security systems to be unsafe.

Read: Phishing Scams: FBI Says Businesses Have Lost $5 Billion In Phishing, Social Engineering Attacks

Mimecast inspected more than 45 million emails that were able to successfully pass through the security checks of email systems like Microsoft Office 365, Symantec Email Security.Cloud and Google’s G Suite. Of those 45 million emails, 24.2 percent were deemed unsafe by the researchers.

The study, which inspected the emails of 62,000 email users over a period of 428 days, suggests that built-in security systems aren’t enough to catch potential threats directed at people’s inboxes.

Mimecast found more than 10.8 million piece of spam made it through the incumbent email security systems. While much of the spam was relatively harmless, the study also found 8,682 dangerous file types attached to emails that made it through security checks.

Of the malicious files that made it through, 1,778 known types of malware were identified—an especially troubling stat considering the security systems are missing existing threats. Another 503 unknown malware types were also detected by the study.

Read: Google Using Machine Learning To Fight Phishing, Spam Emails

Mimecast also found nearly 10,000 examples of impersonation emails that made it past standard security systems.These types of emails are often used to steal information including login credentials or even money from a victim.

These types of attacks can be especially potent against businesses and organizations, which are popular targets for attackers as they know there is a significant amount of valuable data that can be stolen or compromised.

Earlier this year, the FBI warned that Business Email Compromise (BEC) attacks are on the rise and have resulted in billions of dollars being stolen from businesses worldwide.

According to the FBI’s analysis, there have been 40,203 BEC attacks reported in the last three years, resulting in affected businesses losing more than $5.3 billion. Attacks have increased exponentially in the last two years, with a 2,370 percent increase in identified losses taking place between January 2015 and December 2016.

According to data from security firm Proofpoint, two-thirds of all BEC attacks are imposter or impersonation emails. Often times the attacker will use spoofed email addresses to make it appear a fraudulent email was coming from a legitimate source.

The study conducted by Mimecast suggests businesses and individuals who are worried about the safety of emails that land in their inbox should utilize a third-party email scan to provide additional protection and intercept any threats that may slip through the cracks of traditional security systems.