Trend Micro Releases New Report on Email Threats

Trend Micro blocked 16.7 million high-risk email threats that slipped past webmail providers’ native filters. This amounts to an increase of nearly a third on 2019 figures.

The new statistics are provided by Trend Micro’s Cloud App Security (CAS), an API-based solution that provides second-layer protection for Microsoft Exchange Online, Gmail, and a host of other services.

Detections of malware, credential theft and phishing emails all recorded double-digit year-on-year increases in 2020, while BEC volumes dropped slightly.

Malware-laden emails

Trend Micro detected 1.1 million emails containing malware that would otherwise have appeared in users’ inboxes, up 16% on 2019 figures. These included many Emotet and Trickbot attacks which are often the precursor to targeted ransomware.

Phishing

Trend Micro intercepted over 6.9 million phishing emails in 2020, a 19% increase from the previous year. Discounting credential phishing, the number of threats in this category surged 41% over the period. COVID-19 was a common lure, as were big-name brands like Netflix that have become popular during the pandemic. Attackers were typically looking for personal and financial information to monetize.

Credential phishing

Trend Micro detected nearly 5.5 million attempts to steal users’ credentials that were allowed through by existing cloud native security filters. This was a 14% increase on 2019 and accounted for the vast majority of detected phishing emails. Attackers are increasingly supplementing these with phone-based vishing attacks.

Business email compromise (BEC)

Although BEC detections declined 18% year-on-year, average losses continue to rise — increasing 48% from the first to the second quarter of 2020.