A new report from Mimecast has revealed cybercriminals are increasingly using malicious URLs in phishing emails to obtain credentials and deliver malware.
Mimecast’s figures show there has been a 126% increase in delivered emails that contain malicious URLs between August 2018 and February 2019.
The company has analyzed more than 28.4 million emails that had been determined to be safe by email security solutions and were delivered to inboxes. More than 460,000 emails contained malicious URLs that had not been detected. Therefore, one out of every 61 emails that are delivered to inboxes contains a malicious URL.
Previous DMR reports suggest that in 2018, an average office worker received 121 emails a day, so 1-2 emails containing malicious links are likely to be received per day. An enterprise with 1,000 employees could receive between 1,000 and 2,000 emails containing malicious links every day.
While email security solutions are deployed by businesses to limit the number of malicious emails that are delivered, no solution will be 100% effective. Businesses need to implement layered defenses to protect against email-based attacks.
In addition to an advanced spam filtering solution, end user training is essential. Employees should be trained on cybersecurity best practices and taught how to identify malicious emails and what to do when they encounter a potential threat.
While email security solutions are largely effective at blocking emails containing malware, they are less effective at identifying and blocking email containing malicious links. To improve security, businesses should consider using a web filtering solution. A web filter uses blacklists to prevent users from visiting domains known to be malicious. Advanced web filtering solutions can also scan websites in real-time to assess content. If a site is confirmed as malicious, access to the site is prevented.
The high volume of messages that are making it past email gateway solutions confirms just how important it is for additional controls to be implemented by businesses to prevent malware infections and not to rely on a spam filter for protection.