Nearly Half a Billion Emails to Businesses Contain Malicious Content, Hornetsecurity Report Finds

Nearly Half a Billion Emails to Businesses Contain Malicious Content, Hornetsecurity Report Finds
  • One-third of all emails received are unwanted, with 2.3% of unwanted emails containing malicious content

  • Phishing remains the top email threat, accounting for a third of attacks – despite other popular emerging attack types

Hornetsecurity’s annual Cybersecurity Report has revealed that a third (36.9%) of all emails received by businesses (20.5 billion) in 2024 were unwanted. Of these, 2.3% contain malicious content, totalling 427.8 million emails.

Once again, phishing remains the most prevalent form of attack, responsible for a third of all cyber-attacks in 2024. This was confirmed by the analysis of 55.6 billion emails, showing that Phishing remains a top concern consistently year over year. Malicious URLs and advanced fee scams were responsible for 22.7% and 6.4% respectively.

Commenting on the findings, Daniel Hofmann, Hornetsecurity CEO, said: “These findings highlight both progress and new challenges in the fight against cyber threats. While it’s encouraging to see some consistency in attack methods, for defensive purposes, the shift toward more targeted social engineering tactics means businesses must stay vigilant.

“With over 427 million malicious emails still reaching inboxes, it’s clear that cybersecurity strategies must evolve to stay ahead of increasingly sophisticated threats. This data underscores the need for stronger email security coupled with user awareness to keep organisations safe.”

Marketing Technology News: Adobe Forecasts Record $240.8 Billion U.S. Holiday Season Online with Black Friday Growth to Outpace Cyber Monday

Rise in reverse-proxy credential theft

Nearly every malicious file type saw a decrease compared to last year. However, HTML files (20.4%), PDFs (19.2%), and Archive (17.6%) files remain in the top three spots in a continuation from 2023.

The data shows a decrease in the use of malicious attachments, this is due to a rise in reverse-proxy credential theft attacks over the past year, which use social engineering and malicious links (not attachments) to trick users. These attacks redirect users to fake login pages that capture credentials in real-time, even bypassing two-factor authentication.

Malicious URLs are the second most common type of attack, making up 22.7% of all attacks. Their use surged in 2023 and continues to grow as attackers use them in credential-stealing attempts. Tools such as Evilginx allow attackers to set up fake login pages to trick users into entering their credentials, which are then captured.

Marketing Technology News: MarTech Interview with Adam Brotman, Co-Founder and Co-Ceo @ Forum3

Rising targeted attacks across all industries

Due to the net decline in attacks, the threat index for nearly every industry dropped during the data period compared to 2023. However, the data continues to show that every industry is under attack – with mining, entertainment, and manufacturing being the most targeted for ransomware attacks and double-extortion scams.

Shipping brands, such as DHL and FedEx, are the most impersonated brands online. Cyber attackers are targeting customers through phishing scams that boast a high degree of similarity to real communications from these organisations. DocuSign and Facebook also both saw more than double the amount of impersonation attempts compared to 2023, while Mastercard and Netflix both saw notable increases as well.

The need for zero-trust mindset

Hofmann added: “In 2025, organisations must prioritise basic security practices and embrace a zero-trust mindset to tackle vulnerabilities head-on and foster a strong security culture. Building a well-defended business isn’t possible without engaging everyone—helping them understand how cybersecurity impacts them personally and why their role is essential to keeping threats at bay.

“This report’s findings should motivate, not deter, organisations from focusing on cybersecurity. By working with trusted vendors, companies can not only protect themselves but also tap into expert knowledge that elevates their overall cybersecurity strategy.”

Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.

Picture of PRNewswire

PRNewswire

PR Newswire, a Cision company, is the premier global provider of multimedia platforms and distribution that marketers, corporate communicators, sustainability officers, public affairs and investor relations officers leverage to engage key audiences. Having pioneered the commercial news distribution industry over 60 years ago, PR Newswire today provides end-to- end solutions to produce, optimize and target content -- and then distribute and measure results. Combining the world's largest multi-channel, multi-cultural content distribution and optimization network with comprehensive workflow tools and platforms, PR Newswire powers the stories of organizations around the world. PR Newswire serves tens of thousands of clients from offices in the Americas, Europe, Middle East, Africa and Asia-Pacific regions.

You Might Also Like