Nearly half a billion emails to businesses contain malicious content, Hornetsecurity report finds
- One-third of all emails received are unwanted, with 2.3% of unwanted emails containing malicious content
- Phishing remains the top email threat, accounting for a third of attacks – despite other popular emerging attack types
Hanover, Germany (4 December 2024) – Hornetsecurity’s annual Cybersecurity Report has revealed that a third (36.9%) of all emails received by businesses (20.5 billion) in 2024 were unwanted. Of these, 2.3% contain malicious content, totalling 427.8 million emails.
Once again, phishing remains the most prevalent form of attack, responsible for a third of all cyber-attacks in 2024. This was confirmed by the analysis of 55.6 billion emails, which shows that phishing remains a top concern year over year. Malicious URLs and advance-fee scams were responsible for 22.7% and 6.4% of attacks respectively.
Commenting on the findings, Daniel Hofmann, Hornetsecurity CEO, said: “These findings highlight both progress and new challenges in the fight against cyber threats. While it’s encouraging to see some consistency in attack methods, for defensive purposes, the shift toward more targeted social engineering tactics means businesses must stay vigilant.
“With over 427 million malicious emails still reaching inboxes, it’s clear that cybersecurity strategies must evolve to stay ahead of increasingly sophisticated threats. This data underscores the need for stronger email security coupled with user awareness to keep organisations safe.”
Rise in reverse-proxy credential theft
Nearly every malicious file type saw a decrease compared to last year. However, HTML files (20.4%), PDFs (19.2%), and archive files (17.6%) remain in the top three spots, a continuation from 2023.
The data shows a decrease in the use of malicious attachments. This is due to a rise in reverse-proxy credential theft attacks over the past year, which use social engineering and malicious links (not attachments) to trick users. These attacks redirect users to fake login pages that capture credentials in real time, even bypassing two-factor authentication.
Malicious URLs are the second most common type of attack, making up 22.7% of all attacks. Their use surged in 2023 and continues to grow as attackers use them in credential-stealing attempts. Tools such as Evilginx allow attackers to set up fake login pages to trick users into entering their credentials, which are then captured.
Rising targeted attacks across all industries
Due to the net decline in attacks, the threat index for nearly every industry dropped during the data period compared to 2023. However, the data continues to show that every industry is under attack – with mining, entertainment, and manufacturing being the most targeted for ransomware attacks and double-extortion scams.
Shipping brands, such as DHL and FedEx, are the most impersonated brands online. Cyber attackers are targeting customers through phishing scams that boast a high degree of similarity to real communications from these organisations. DocuSign and Facebook also both saw more than double the number of impersonation attempts compared to 2023, while Mastercard and Netflix both saw notable increases as well.
The need for a zero-trust mindset
Hofmann added: “In 2025, organisations must prioritise basic security practices and embrace a zero-trust mindset to tackle vulnerabilities head-on and foster a strong security culture. Building a well-defended business isn’t possible without engaging everyone—helping them understand how cybersecurity impacts them personally and why their role is essential to keeping threats at bay.
“This report’s findings should motivate, not deter, organisations from focusing on cybersecurity. By working with trusted vendors, companies can not only protect themselves but also tap into expert knowledge that elevates their overall cybersecurity strategy.”
Notes to Editor:
1. The study was conducted by Hornetsecurity’s in-house Security Lab, which reviewed more than 55.6 billion emails that were processed through Hornetsecurity’s security services during the reporting period November 1, 2023 to October 31, 2024.
2. For further information and resources, please see Chapter 5 of the report.
About Hornetsecurity
Hornetsecurity is a leading global provider of next-generation cloud-based security, compliance, backup, and security awareness solutions that help companies and organisations of all sizes around the world. Its flagship product, 365 Total Protection, is the most comprehensive cloud security solution for Microsoft 365 on the market. Driven by innovation and cybersecurity excellence, Hornetsecurity is building a safer digital future and sustainable security cultures with its award-winning portfolio. Hornetsecurity operates in more than 120 countries through its international distribution network of 12,000+ channel partners and MSPs. Its premium services are used by more than 75,000 customers.
Media enquiries
Please contact us at press@hornetsecurity.com.