Here Are the Types of Malicious Messages Graphus Detected in 2021

May 19, 2022

Businesses are under siege from a barrage of phishing emails daily, and that pressure is only growing. At the same time, cybercriminals are constantly stepping up their game to bypass many traditional email security measures and lure their targets in with sophisticated, hard-to-detect messages, resulting in significant email security challenges for businesses. Bad actors are increasingly turning to social engineering techniques to fool their targets, like masquerading as a trusted contact or impersonating well-known brands. As the cybercriminal playbook evolves, IT professionals have to evolve their own playbooks to contend with a rapidly-shifting threat landscape. 

Excerpted in part from the eBook The State of Email Security 2022 DOWNLOAD IT>> 

Phishing is The Root of Many Risks 

Fortunately for IT professionals, most of today’s nastiest cyber threats have something in common — they often start with a phishing email. That’s why it is mission-critical for organizations to keep an eye on the risk landscape and implement strong email security to ensure that they’re ready for today’s threats. Stopping phishing equals stopping dangerous threats and reducing cyberattack risk. These 2021 trends underpin the business email security picture right now and lay the foundation for future challenges that organizations will face. 

Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>

The Threats Detected in Email Analyzed by TrustGraph®in 2021 

Graphus’ proprietary technology, TrustGraph, thoroughly analyzes the content of every incoming email an organization protected with the solution receives. Phishing messages are detected and subsequently quarantined.  

  1. General phishing 55.5% 
  2. Malicious attachments 18.20%  
  3. Business email compromise (BEC) 13.48% 
  4. Executive spoofing 11.88% 
  5. Other 1.04% 

The road to security success begins with 5 Steps to Ransomware Readiness! GET IT>>

The Trends That Influence Today’s Phishing Landscape 

These quick looks at the drivers of risk today can help illuminate tomorrow’s threats.  

Phishing-related cyberattacks and losses have boomed 

Phishing-related cybercrime surged in 2021, and that tide doesn’t look like it will be lowering anytime soon. 

Phishing paved the way for other damaging cyberattacks 

Phishing is a gateway to disaster for businesses. Unfortunately, it’s a gate they’re not defending very well, giving cybercriminals golden opportunities to strike  

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

High Email & Phishing Volume Have Created Security Stress 

In 2021, 319.6 billion email messages were sent — up from 306.4 in 2020 — and email volume is expected to jump to 376.4 billion messages in 2022. Unfortunately, an increase in email volume is also an increase in the volume of phishing messages that an organization’s email security system has to handle. That’s reflected in reporting from the U.K. Information Commissioner’s Office (ICO). That agency recorded 150,317 phishing attacks in January 2021, which dramatically increased to a startling 4,135,075 in December 2021 — an increase of 2,650%.  

Some of their other findings were: 

  • Malicious spam shot up by 2,775% between January and December 2021.  
  • Phishing messages climbed 20% between January and December 2021.  
  • Malware attacks in 2021, commonly carried through phishing, boomed with a 423% increase. 

Learn about the evolution of ransomware and get tips to defend against it! GET EBOOK>>

Bad Actors Are Hungry for All Kinds of Sensitive Information 

Phishing kits are used in security awareness training to simulate phishing attacks. In a study of phishing kits, this is the data the bad guys asked their victims for the most. 

Information Requested % Presence in Total Analyzed Kits 
User credentials (email/ID and password combinations 100 
Credit card information 61 
Mailing address 40 
Phone number 22 
Date of birth 17 
Identity card number 15 
Answers to security questions 14 

Source: IBM X-Force Threat Intelligence Index 2021  

Learn how to add to your security team without adding to your headcount. FREE EBOOK>>

Here Are the Threats That Employees Fall For 

By analyzing the results of thousands of phishing resistance training sessions and phishing simulations run in 2021 using ID Agent’s award-winning security and compliance awareness training solution BullPhish ID, it’s easy to see that phishing is the top training concern because employees are unfortunately very likely to fall for many common phishing tricks. 

2021 BullPhish ID Phishing Resistance Training Totals  

  • Total number of training campaigns created – 81,484   
  • Total number of phishing simulation emails sent – 2,424,762     
  • Total number of clicks on phishing simulation emails – 106,670   

Top 3 Security Awareness Training Courses of 2021  

  • Phishing: Introduction to Phishing – 150,163 created trainings   
  • How to Avoid Phishing Scams – 129,666 created trainings   
  • Phishing: The Dangers of Malicious Attachments – 100,265 created trainings   

Top Phishing Simulation Campaigns That Successfully Drew Employee Interaction  

  • Office 365 – Suspicious Login – 10879 clicked     
  • FedEx – Package Delivery – 6535 clicked     
  • Google Docs – Invitation to Edit – 4492 clicked     

Top Phishing Simulation Campaigns That Captured Credentials & Data  

  • FedEx – Package Delivery – 2056 captures     
  • Office 365 – Suspicious Login – 1736 captures     
  • COVID-19: Sharepoint Webinar – 1440 captures 

AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>

Stop Phishing Before Employees Have the Chance to Start a Cybersecurity Disaster 

Graphus is an automated email security solution that is powered by AI. That means that it can intelligently sort and filter the emails that come into a company’s environment to determine which ones are safe and which ones are suspicious. How does it do that? By using a unique, patented algorithm that fosters machine learning, enabling it to learn each company’s unique communication patterns and refine its judgment criteria all by itself to tailor that company’s protection now and in the future.     

TrustGraph® automatically detects and quarantines malicious emails that might break through an organization’s email security platform or existing Secure Email Gateway (SEG), so the end-user never interacts with harmful messages.    

EmployeeShield® alerts recipients of a potentially suspicious message to danger that they may not notice by placing an interactive warning banner at the top that allows users to quarantine or mark the message as safe with a single click.    

Phish911™ empowers employees to proactively report suspicious and unwanted emails for IT to investigate reducing your exposure to potential disaster.   

Stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today. 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus