Malicious URLs used as click bait and delivered through both email and web
Mimecast Limited has announced the latest Email Security Risk Assessment (ESRA) report, an aggregated analysis of tests that measure the efficacy of widely used email security systems.[1] This quarter’s report found that email delivered with malicious URLs, a recently added part of the testing, has increased by more than 125 per cent in comparison to last quarter’s results.
The data was analysed and, as in past periods, Mimecast was found to deliver superior efficacy. New to the ESRA report, was testing for malicious URLs. Mimecast detected 463,546 malicious URLs contained in the 28,407,664 emails delivered were deemed “safe” by an organisation’s existing email security system, averaging to one malicious URL in every 61 emails. Recent research Mimecast conducted with Vanson Bourne independently also confirms that malicious URLs are a rampant problem, with 45 per cent of the 1,025 respondents saying the volume of these URL-based attacks or those with dangerous attachments have increased over the last year. Despite the fact that the majority of cyberattacks start with an email, the lines between email and web security are blurring.
In addition to malicious URLs, the latest ESRA report also found 24,908,891 spam emails, 26,713 malware attachments, 53,753 impersonation attacks, and 23,872 dangerous file types of the 232,010,981 total emails inspected were all missed by these incumbent security solution providers and delivered to inboxes, putting individuals and organisations at risk.
“Email and the web are natural complements when it comes to the infiltration of an organisation. Email delivers believable content and easily clickable URLs, which then can lead unintended victims to malicious web sites. URLs within emails are literally the point of intersection between email and the web. Organisations need the visibility across both channels in order to have the protection required to stay on top of today’s ever evolving and expanding threats and having a single vendor in an integrated solution can help,” said Matthew Gardiner, cybersecurity strategist at Mimecast. “Cybercriminals are constantly looking for new ways to evade detection, often turning to easier methods like social engineering to gain intel on a person or pulling images from the internet to help ‘legitimise’ their impersonation attempts to gain credentials or information from unsuspecting users.”
Impersonation fraud also continues to grow and present challenges. The new research from Mimecast and Vanson Bourne revealed that 41 per cent of respondents reported seeing an increase in impersonation fraud from vendors or business partners asking for money, sensitive information or credentials – with 38 per cent saying they’ve seen an increase of impersonation fraud from well-known internet brands.
After two years of reporting data, the Mimecast quarterly ESRA reports continue to provide industry trends based on reinspection of participating organisations’ emails that were previously deemed safe by their current email security systems.
Additional resources
Download the latest ESRA Report
Download the ESRA Infographic
About Mimecast
Mimecast is a cybersecurity provider that helps thousands of organisations worldwide make email safer, restore trust and bolster cyber resilience. Mimecast’s expanded cloud suite enables organisations to implement a comprehensive cyber resilience strategy. From email and web security, archive and data protection, to awareness training, uptime assurance and more, Mimecast helps organisations stand strong in the face of cyberattacks, human error and technical failure. www.mimecast.com
Mimecast social media resources
LinkedIn: Mimecast
Facebook: Mimecast
Twitter: @Mimecast | @MimecastAPAC
Blog: Cyber Resilience Insights
[1] Specific security policy settings and controls of the incumbent email security system are managed by the customer.