It turned out that 45%, nearly half of all emails sent last year, were illegal spam.
Global security company Kaspersky said on the 26th that 44.99% of worldwide email traffic last year was spam. Spam includes not only unwanted promotional emails but also a variety of email-based threats such as scams, phishing (theft of personal information), and malicious code (malware).
According to Kaspersky, individuals and employees at corporations encountered more than 144 million malicious or unwanted email attachments last year. That was up 15% from a year earlier.
By region, the Asia-Pacific (APAC) accounted for the highest share of detected email threats at 30%. By country, China and Russia recorded high detection rates. They were followed by Europe (21%), South America (16%), and the Middle East (15%).
With the spread of artificial intelligence (AI), email attacks are becoming increasingly sophisticated. Kaspersky said, "Recent email attacks are using various evasion techniques, such as attempting additional contact by linking emails with messengers and phone calls, or hiding phishing addresses with QR codes or link protection services."
Cases of abusing legitimate AI platforms such as OpenAI's ChatGPT have also been detected. Kaspersky said, "We discovered a scam technique that abuses OpenAI's organization creation or team invitation features to send spam emails," adding, "Threat actors are employing increasingly sophisticated and multilayered attack methods, even advancing business email compromise (BEC) techniques."
Roman Dedenok, an anti-spam expert at Kaspersky, said, "Email phishing should not be underestimated," adding, "One out of every 10 attacks targeting corporations starts with phishing, and a significant portion of these are advanced persistent threats (APT)." Dedenok said, "The commercialization of Generative AI has greatly amplified these threats," adding, "It is now possible to automatically tailor tone, language, and context to specific targets and produce persuasive, personalized phishing messages at scale."
Kaspersky advised that such email-based attacks can be a major starting point for breaches at corporations, and people should always be suspicious of unexpected invitations or links and check the URL before clicking. It recommended that corporations respond by adopting email security solutions, installing robust security software on all employee devices including smartphones, and providing regular security training on the latest phishing techniques.