The Top Email Security Threats: Explained

Malicious email remains one of the most significant and ongoing threats facing organizations, so it is a worthwhile endeavor to learn to recognize the most common email security threats.
Laura Iannini
February 15, 2023

In the modern digital landscape, every organization, from large enterprises to SMBs, should be concerned with the safety of its digital data. Rampant cybercrime and the constantly evolving methods used by cyber attackers make it vital for all of us to carefully consider our security stance and to keep updating and improving our understanding of the different types of email threats.

Email security threats are some of the most significant dangers to organizations' cyber security. This is because cyber criminals have become so adept at crafting email-based attacks and have, over the years, gotten their hands on a staggering amount of money by delivering malware, luring victims to malicious websites, and collecting stolen confidential and sensitive data. In fact, over 90% of cyber-attacks begin with a malicious email.

We could all benefit from a good baseline understanding of, and familiarity with, the top email threats. Read on to discover what they are.

Top Email Security Threats


Phishing

A phishing attack is a form of social engineering used by cyber criminals to steal valuable user information such as bank details, debit or credit card numbers, and login credentials. These attacks are often carried out using fraudulent communications that are designed to appear legitimate and trustworthy. By impersonating trusted contacts or brands, attackers start off with a level of credibility, which makes it easier to convince users to divulge the kind of sensitive information they would usually be more wary of sharing.

Data breaches caused by successful phishing scams can be costly, both in monetary loss and through account compromise and data loss. IBM's Cost of a Data Breach report states that companies spent $4.24 million on costs associated with data breaches in 2021, a considerable increase from $3.86 million in 2020. Of all phishing attacks, 96% arrive via email.



Malware

Malware (short for malicious software) is the term for any software designed specifically to damage or destroy a computer, computer network, or server. Malware comes in a variety of forms, including ransomware, viruses, adware, Trojans, worms, and spyware. A malware program that manages to infiltrate your devices can extract financial and private data, compromise the network and damage the system, leading to serious data breaches, unauthorized access to sensitive files and documents, and even funds stolen directly from bank accounts.

In 2020, 61% of organizations experienced a rapid spread of malware from one employee to another. That number jumped to around 74% in 2021, a notable increase from the previous year.  



Ransomware

Ransomware is malicious software that comes with a ransom demand. It is commonly deployed through a phishing attack and works by giving threat actors access to the network or devices, enabling them to use the malware needed to encrypt your devices and data. Once encrypted, the data and devices are essentially locked away and inaccessible, with the key to decrypt them held for ransom by the attackers, usually for a significant sum of money. The fallout from these attacks can be crippling, resulting in significant data loss, financial losses, and damage to trust and brand reputation which can take years to recover from.

In Mimecast’s 2021 State of Email Security report, 61% of respondents claimed to have experienced disruption to their businesses as a result of ransomware at some point in the last year.


Business Email Compromise

This email threat involves a bad actor using email to impersonate a high-level executive, employee or trusted supplier. The impersonation tricks unsuspecting employees into carrying out the attacker's requests without a second thought, performing tasks like paying fake invoices or divulging sensitive information under the assumption that it is safe to do so. This type of attack exploits the fact that so much of our communication, personal and professional, is conducted over email.

BEC attacks are most often carried out through either account compromise or domain spoofing, using fake emails that aim to stir up a sense of urgency in the recipient to make them act more rashly. BEC has seen a notable increase in recent years, rising by 14% overall in 2020 and up to 80% in some sectors.
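A triage check for the BEC traits described above (spoofed or lookalike sender domains, executive impersonation, urgency), as an added example that is not from the original article. The domain `example.com`, the executive name, the signal names and the sample message are constructed for illustration, and the `Authentication-Results` header is assumed to be stamped by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"        # assumption: the protected organization's domain
EXECUTIVES = {"dana whitfield"}   # hypothetical display names worth impersonating
URGENCY = re.compile(r"\b(urgent|immediately|asap|wire|overdue)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_signals(raw):
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    # Assumption: this header was added by your own gateway, not by the sender.
    auth = msg.get("Authentication-Results", "").lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    if name.lower() in EXECUTIVES and domain != ORG_DOMAIN:
        signals.append("executive-name-external-address")
    if reply and reply.rpartition("@")[2].lower() != domain:
        signals.append("reply-to-mismatch")
    if "dmarc=fail" in auth:
        signals.append("dmarc-fail")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signals.append("urgency-language")
    return signals

# Constructed sample: lookalike domain (digit 1 for letter l) with an external Reply-To.
SPOOFED = """\
From: "Dana Whitfield" <dana.whitfield@examp1e.com>
Reply-To: dana.w@mailbox.invalid
Subject: Urgent: invoice payment needed
Authentication-Results: mx.example.com; dmarc=pass header.from=examp1e.com

Please process the attached invoice before noon.
"""
```

Note that the lookalike message passes DMARC because the sender controls that domain, so authentication results alone do not catch it; an exact-domain spoof is the case where `dmarc-fail` fires.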



Spam

Unwanted and unsolicited bulk email, known as spam, is a common nuisance which often consists of advertisements for goods and services but can also be used to spread malware, encourage recipients to hand over personal information, or use manipulative tactics to steal money from victims. Spam is unfortunately difficult to avoid and is a resource and productivity drain, one which can lead to quantifiable monetary loss. Spammers often use software programs known as ‘harvesters’ to harvest information from websites, newsgroups and any other online service where users identify themselves via their email addresses.

The cost of spam includes loss of productivity, loss of time and damage to reputation. Spam emails can harbor viruses capable of infecting entire systems and almost 85% of all emails are spam emails.


Vendor Email Compromise

Vendor email compromise is a variation of business email compromise and is another cybercrime based on email fraud. This scam involves attackers hacking the business email accounts of reputable vendors in order to manipulate companies, their stakeholders and their customers into revealing sensitive information or sending money. Fraudsters use a compromised business account from a trusted vendor to gather knowledge on potential targets and apply that knowledge to create meticulously crafted, targeted and well-timed email communications.

VEC attacks can cause significant losses for an organization financially and can cause reputational damage, as well as introduce security and compliance risks associated with data loss. The average cost of a successful VEC attack is $183,000 and companies of all sizes can be targeted.



Each of us, whether a home user or a company owner, should be making email security a priority going forward. The first step in getting ahead of the curve with regard to email security is to sharpen our understanding and learn to recognize current email security threats that can harm data and lead to vulnerabilities. In this article we have covered some of the most harmful and prevalent forms of email threats.

Constant Edge work to simplify the process of getting secure. Get in contact with us to learn more about how we help businesses to solidify their protection against email threats.
