Malicious Emails Increase by 341% Over Last Six Months

A recent report from SlashNext  shows a significant 341% increase in malicious emails over the past six months. This surge includes a rise in BEC, phishing, and other message-based attacks facilitated by generative AI.

Key findings from the report are:

• Since November 2022, malicious emails have spiked by 4,151% due to the introduction of ChatGPT.
• Credential harvesting phishing attacks have risen by 217% in the last six months.
• BEC attacks have seen a 29% increase in the same period.
• 45% of mobile threats are SMS smishing attacks.

Insights from Security Leaders:

Mika Aalto, Co-Founder and CEO at Hoxhunt:

“While the surge in sophisticated phishing emails driven by generative AI is alarming, it is positive that email filters are effectively catching most of them. However, there is a pressing need for targeted security training to combat evolving threats like BEC and AI-powered attacks that can deceive users. It is crucial to empower the workforce to identify and report fraudulent emails effectively.”

“The rise in mobile-based attacks like SMS smishing underscores the importance of tailored security awareness training to mitigate such risks.”

Krishna Vishnubhotla, Vice President of Product Strategy at Zimperium:

“Organizations must implement robust endpoint security measures to safeguard employees against malicious links, attachments, and QR codes in emails. Adopting a zero-trust model and using encrypted communication can enhance protection against modern email threats. Combining technological defenses with vigilant practices is essential to thwart cybercriminals effectively.”

Darren Guccione, CEO and Co-Founder at Keeper Security:

“The increasing utilization of AI tools like ChatGPT in cybersecurity highlights the need for organizations to continuously adapt and enhance their defenses. While AI offers benefits for security professionals in threat analysis and incident response, its misuse by malicious actors poses a significant threat. Businesses must prioritize cybersecurity training and measures to counter the evolving tactics of adversaries using AI for social engineering and phishing scams.”