VIPRE Security Group 2023 Email Security Report Reveals Cybercriminals Posing as MFA Vendors

VIPRE Security Group today announced the release of their Email Security in 2023 Report, this year’s report found that cybercriminals are increasingly posing as Multi-factor Authentication vendors and small businesses are becoming more popular targets. The report provides an analysis of the latest trends in email security and recommendations on how to stay ahead of emerging malicious threats.

VIPRE processes over one million unique malware samples daily, scans more than 1.2 billion emails per month, and has secured over 20 million endpoints in more than 25 years in business. If there’s an email threat – VIPRE knows about it.

According to the report:

• Financial institutions (48%) are still the most targeted sector by a wide margin.
• Insider attacks now take on average 85 days to contain – up from 77 days the previous year.
• The most common phishing links are compromised websites (52%), newly registered domains (39%), and subdomain cybersquatting (9%).

The report also concluded that attachment-based malspam is on the rise, by a significant 22% when compared to malspam with links. Not to be forgotten, the technologically static attachment still is a popular nesting ground for malicious scripts and macros. Also, the US overtook Russia as the top spam originator among VIPRE customers. However, look with scrutiny: most of the world’s servers are in North America, so you can’t always take a US IP at face value.

“It’s one thing to get a siloed view from a single customer. It’s another to get a year’s worth of data from thousands of email clients across the globe,” said Usman Choudhary, chief product and technology officer at VIPRE. “You can speculate about emerging threats all you want, but the facts don’t lie.”

“It takes international resources, experienced analysis, and enterprise-level technology that only an experienced email security provider can offer to create a report like this. We know the experience we have in this space is unique, and the SME community might not get this type of information elsewhere, at least not on the scale or with the scope that we can offer it and we’re pleased to make this valuable resource available.”

Addressing the challenges of email-based threats

To combat emerging email-based threats, VIPRE’s new report highlights four recommendations that will enable businesses and their employees to fortify themselves against opportunistic email attacks:

• Cybercriminals are posing as MFA vendors. Think twice before you open Push notifications: Black Hats are jumping on the security bandwagon and posing as White Hat technologies. Accept a Push from the app only and beware of texts and pop-ups.
• Watch for an uptick in job-related spam. Cybercriminals know you (and everyone else) are looking for remote jobs and willing to interview online. Know the signs of fraud and how to keep professional platform interactions above-board.
• Spotify outranked Microsoft as the most spoofed brand. Stay leery when renewal time comes around: You’re not the only one with the date on your calendar. Even though it’s not a haul, cybercriminals are happy to get paid via a subscription-based model.
• As-a-Service models are out-of-control. Get ready for even more shotgun-spray attacks as the underground as-a-Service economy makes it easier than ever for novices to become bad guys. With a lower bar to entry, more will play, and SMBs will be at the top of beginner’s hit lists. 

About the VIPRE Email Security in 2023 Report

VIPRE’s 2023 Email Security Report is the proud cumulation of thousands of international customers, multiple corporate email servers, millions of malware scans, billions of emails, and hundreds of hours of analysis over the past twelve months.

To find out more about VIPRE and the trends and predictions of email threats in 2023, you can download the full report here.