Twenty-three years ago, a Filipino computer science student realized he could no longer afford to pay for internet access. But Onel de Guzman was not one to give up. A year earlier, he had laid out a password-stealing scheme in his thesis proposal at AMA College. The school rejected it, but Guzman was determined not to let his efforts go to waste. He put his proposal into practice, building the computer worm, which he dubbed ILOVEYOU, to steal other internet users' passwords and use their accounts without paying for access.
Guzman initially designed the bug to only work in Manila, where he lived. However, upon seeing how successful his worm was, curiosity got the better of him. Guzman lifted the bug's geographical restrictions. Chaos ensued. In just ten days, Guzman's worm had infected 45 million Windows computers and caused $10 billion in damages. Guzman, just 24 years old, had inadvertently created the world's first phishing email.
Nearly a quarter of a century later, the world has largely forgotten Onel de Guzman. When he created the worm, the Philippines had no law prohibiting malware creation, and Guzman miraculously avoided prosecution. But Guzman's actions echo throughout history; in the second quarter of 2023 alone, VIPRE Security Group detected over 230 million malicious emails.
Today, malicious emails plague the internet. From the most powerful multinationals to normal social media users, email threats can – and will – tarnish reputations and drain bank accounts. To effectively combat email threats, we must understand the landscape. VIPRE's Q2 Email Threat Report helps us do just that.
Who is being attacked?
While Guzman's attack was indiscriminate, cybercriminals today have favorite targets. In Q2 2023, Information Technology (IT) organizations received by far the most phishing emails, followed by government entities (21%), educational institutions (11%), the financial sector (9%), healthcare organizations (9%), and construction companies (4%).
Interestingly, cybercriminals targeted the financial sector most often in Q1 2023. Attacks on healthcare organizations also fell significantly from Q1 to Q2. This fall is likely because the financial and healthcare sectors, in the wake of a tough quarter, have upped their defenses against phishing attacks. Hackers have likely switched to targeting government agencies because these agencies are notorious for having poor cybersecurity, handle an extraordinary amount of sensitive data, and make it relatively easy to discover what defenses they have in place.
What techniques do attackers use?
A staggering majority (85%) of phishing emails utilize malicious links embedded in an email's content, while only 15% hide them in attachments. Most modern internet users know the dangers of opening attachments; Guzman hid his Love Bug in a spoof attachment. It's a technique as old as email threats themselves, and users are wise to it, so cybercriminals avoid using it. However, malicious links in an email's content are more challenging to detect. Smart social engineering tactics can fool even the savviest users into clicking a spoof link. Hyper-responsive touch screens also make it a distinct possibility that a user taps a link embedded in text by mistake.
While Guzman played on emotional weaknesses, disguising his malicious attachment as a love letter, modern cybercriminals use a more sophisticated approach: impersonating trusted brands. In Q1 2023, cybercriminals impersonated Microsoft most often, followed by DHL, WeTransfer, and Apple. In Q2, Microsoft still reigned supreme, with Apple, DocuSign, and SpareBank replacing the runners-up.
What are the new attack techniques to watch out for?
Twenty-three years on from the first phishing email, cybercriminals continue to innovate. In June 2023, VIPRE AV Labs discovered that cybercriminals had begun to use QR codes for phishing unsuspecting victims.
VIPRE also discovered a new malspam campaign containing a ".docx" attachment which, in turn, contained a malicious external resource page that was called when the user opened the file. The campaign exploits the CVE-2022-30190, or "Follina," vulnerability to facilitate remote code execution (RCE) on the victim's system by leveraging the Microsoft Support Diagnostic Tool (MSDT).
What about business email compromise (BEC)?
VIPRE classified 48% of scam emails in 2023 as BEC scams. BEC scams attempt to fool users into transferring money with social engineering techniques and typically impersonate a high-level executive. According to VIPRE, BEC scams tripled from Q1 to Q2 2023.
Commonly used BEC phrases include:
Commonly spoofed senders include examples like:
And commonly used domains are those from free email services, such as:
The legacy of the ILOVEYOU worm continues reverberating through the digital landscape. While Guzman's actions went largely unpunished due to the absence of specific laws at that time, his inadvertent creation of the first phishing email set a precedent for cybercriminals to exploit vulnerabilities in email systems.
Today, malicious emails have become a pervasive threat, targeting various sectors, with IT organizations being the primary victims in Q2 2023, followed by government entities and educational institutions. Cybercriminals' tactics have evolved, with most relying on malicious links in email content to deceive users. These attacks often impersonate trusted brands to increase their chances of success.
As cybercriminals continue to innovate, new attack techniques emerge, such as using QR codes for phishing and exploiting vulnerabilities like CVE-2022-30190. The constant evolution of email threats demands heightened awareness and robust defenses from individuals and organizations alike.
Understanding the email threat landscape is crucial for combating these attacks effectively. Through vigilance, education, and improved cybersecurity measures, we can work towards mitigating the impact of malicious emails and protecting our digital identities and assets in an ever-changing cyber world.
About the Author: Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.