Let’s go phishing! Email security trends to keep up with in 2022 - N-able (2024)

Although it’s good to stay optimistic for 2022, it’s difficult to deny that the main challenges the world has been facing since the beginning of the pandemic are still among us. Cybersecurity continues to be one of the key global targets for criminals in a world where an ever-increasing percentage of the workforce is shifting to working from home (WFH), leaving organizations more vulnerable than ever to a wide array of threats.

Related Product

Mail Assure

Boost email security with collective intelligence and seamless Microsoft 365 integration.

Of course, some threats are more worrying than others. And for people who use email (that would be an astounding four billion of us every day), the most pernicious attack is phishing. Indeed, 86% of organizations had at least one employee clicking a phishing link last year according to a CISCO’s 2021 cybersecurity threat trends report. On top of this, the stakes are getting higher: 2021 saw the highest average cost of a data breach in 17 years, up from $3.86 million in 2020 to $4.24 million. And there is no reason to believe these numbers will go down any time soon.

This begs the question: why is this? Why aren’t businesses already used to and prepared for these attacks? Why are cybercriminals being allowed to steal more data and money every year using what seems like an outdated technique?

In this blog we’ll try to provide some answers.

Phishing has never been more targeted

Regardless of how many cybersecurity layers your company covers (or at least tries to), the bottom line—and the greatest vulnerability—always remains the human factor. Before implementing security protocols, meeting various technical compliances, or installing all sorts of defensive software, the first step towards safety should be cybersecurity education delivered to all employees no matter their position in the company.

Uneducated staff are the easiest prey for targeted phishing, or advanced spear phishing. While quickly replying to an email that seemingly comes from a trusted source, like a vendor, the financial department, or even your company’s CEO, sounds like a no-brainer to most, that can lead to dire consequences if done without appropriate caution.

Spear phishing attacks target data based on the illusion of trust. So, staff need to learn to be wary of things like requests for a quick financial transaction, an e-signature, or any other sensitive information cybercriminals could find useful. Phishing emails can even mention their name, job rank, or any information that can be casually found on social media—all while being structured like your regular business (or casual) email with no straightforward red flags.

Often these emails will have a link somewhere in the body—and how many times do we think before clicking on an email link? Apparently, not nearly enough. A 2021 report from FireEye found that spear phishing emails had an open rate of 70%, with 50% of recipients clicking on enclosed links (which is ten times the rate for basic, mass phishing).

It is clear that unless businesses step up and drive change, things can go even farther downhill. Email will stay one of the main targets of increasingly sophisticated attacks in 2022, forcing companies to take essential security measures more seriously than before.

Clone phishing

As if advanced spear phishing wasn’t bad enough, cybercriminals have developed a next-level threat that can trick the most cautious users: clone phishing.

Imagine receiving a legitimate email with a link, then, a little while later, you receive an updated version of the same email. It can be anything—an invitation, a customer list, a refund notice—the content of the email stays mainly the same, only the links have been “updated”. Who would sense bad intentions there?

With clone phishing, cybercriminals are copying an authentic email that they have intercepted and replacing the genuine links with malicious ones, usually leading to malware installation. In the aftermath, it is not only the recipient who is at risk but also their entire contact list.

Naturally, this type of attack is especially vicious because it relies on the credibility of the original email and its sender. It is advised that users are extra careful when receiving emails with:

  • Subject lines suggesting a time-sensitive matter (e.g., “Hurry”, “before it’s too late”, “expires on”)
  • Emails that strongly emphasize that the recipient needs to access a link or a file
  • Invitations to events or to collect rewards/promotions, especially if the email is re-sent

Most common malicious content and stolen data

As mentioned above, phishing emails usually contain attachment and/or links that compel the recipients to click on them. A 2021 Tessian survey found that PDFs are most commonly used as malicious attachments. This might be explained by the fact that PDF is a reliable and familiar format—it can also be used to hide malware links, run JavaScript, provide fake invoices, and so on.

The same source suggests that there was a surge in malicious PDFs and Microsoft Office files as a consequence of the shift to remote work after the outbreak of the pandemic. However, it’s important to note that as people are slowly starting to return to offices and are getting used to the phishing storm that has affected all industries, attachments are becoming a less effective way to steal data. In fact, 76% of malicious emails in 2021 did not contain an attachment. Fewer the symptoms, fewer the chances of detecting the problem (in time, that is).

Successful attacks intend to steal as much private, sensitive, business-critical information as possible. For criminals, stealing data is very similar to completing a puzzle—one where the pieces have different values. The top three types of data currently targeted by phishing attacks are:

  • Credentials (passwords, PINs, account names, etc.)
  • Personal data (full name, email and home addresses, etc.)
  • Medical information

Credential theft stands head and shoulder above the others. According to Verizon’s 2021 DBIR report, SMBs were subject to 47% of data breaches (1,037 incidents, 263 with confirmed data disclosure)—of the data compromised, credentials make almost a half (44%). In a world where at least 60% of business-related passwords fail to meet minimum security requirements, these numbers are a recipe for on-going disasters.

How to stay safe?

We live in a dangerous world, but that is no reason to despair. There are proven ways to stay on top of phishing threats, no matter how complex. So, let’s quickly summarize them here:

1. Always check the URL

When in doubt, do not click. Hover your mouse over the link to see where the link directs to. If the address showing in the hovered link is not the same as the address it says it is, do not click on it. If you accidentally click on the link, don’t enter any information on the website; simply close the browser window.

2. Lookout for malicious email attachments

Be careful when receiving email attachments. Check the file first by saving it to your downloads folder and check the file extension. If it contains any of the following: .JS, .EXE, .COM, .PIF, .SCR, .HTA, .vbs, .wsf, .jse at the end of the file name, it has a strong potential to be malicious and you should not click on it or try to open it.

Please note: that these are only some of the more common threatful extensions and that there are many other that you should be cautious about.

3. Add powerful email security

Solutions like Nable™ Mail Assure can help you safeguard your email from phishing attacks. Leveraging collective intelligence for inbound and outbound email security, Mail Assure uses data gleaned from monitoring more than 2 million domains under management. With near 100% filtering accuracy and 24/7 email continuity, Mail Assure processes that data in its protection engine to combine with near real-time, pattern-base threat recognition and a variety of filtering technologies to help protect against spam, viruses, ransomware, malware, phishing attacks, and other email-borne threats.


The growth of phishing attacks over the past couple of years has shown how effective targeted and topical attacks can be. The sheer availability of information online allows criminals to shift from a mass approach to sending tailored emails that have a considerably higher chance of succeeding. And as the technology becomes available to automate much of this reconnaissance, it is natural to assume attackers will take advantage of it.

Obviously, 2022 is expected to be yet another challenging year for cybersecurity specialists around the world. And while keeping staff educated and aware of the threats surrounding their work and privacy is an essential first step, deploying an efficient security solution is also a must.

If you’re searching for affordable and effective email security, N‑able Mail Assure is your answer here and now. Why not give it a try and provide your business with an extra layer of protection?

Nicolae Tiganenco is Product Marketing Specialist at N‑able

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.

This document is provided for informational purposes only and should not be relied upon as legal advice. N‑able makes no warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information contained herein.

The N-ABLE, N-CENTRAL, and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. and may be common law marks, are registered, or are pending registration with the U.S. Patent and Trademark Office and with other countries. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.

Let’s go phishing! Email security trends to keep up with in 2022 - N-able (2024)


What is the trend of phishing attacks? ›

1. Phishing is the single most common form of cyber crime. An estimated 3.4 billion emails a day are sent by cyber criminals, designed to look like they come from trusted senders. This is over a trillion phishing emails per year.

What is phishing and how is it evolving in 2022? ›

The primary goal of phishing attacks is data theft, accounting for 85% of incidents. The top 3 most attacked industries using social engineering from Q3 2022 to Q3 2023 (inclusive) were government agencies (44%), military-industrial enterprises (19%), and organizations in the field of science and education (14%).

What is the short answer to phishing? ›

What Is Phishing? Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim's machine.

What is email phishing security concerns? ›

If you've responded to a phishing scam, the attacker can possibly: Hijack your usernames and passwords. Steal your money and open credit card and bank accounts in your name.

What is the most popular form of phishing? ›

Deceptive phishing is the most common type of phishing scam. In this ploy, fraudsters impersonate a legitimate company or recognized sender to steal people's personal data or login credentials. Those emails use threats and a sense of urgency to scare users into doing what the attackers want.

What are the four types of phishing? ›

Below are six main types of phishing attacks utilised by cyber criminals, with an explanation of how they work:
  • Business Email Compromise (BEC) or CEO Fraud. ...
  • Vishing. ...
  • Smishing. ...
  • Clone Phishing. ...
  • Spear Phishing. ...
  • Whaling.

What do fraudsters who phishing usually steal? ›

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.

How to prevent phishing emails? ›

Do not share personal information. Even when communicating with a trusted individual, personal information — e.g. Social Security numbers, bank information, passwords, etc. — should never be exchanged in the body of an email. Block spam.

What is phishing in one sentence? ›

phishing • \FISH-ing\ • noun. : a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly. Examples: The widespread use of electronic banking and financial transactions has prompted the FTC to crack down on cyber crimes, such as phishing.

How to identify a phishing email? ›

How can I tell if an email is phishing?
  1. Suspicious sender address. Check the sender's address carefully and make sure it's really coming from who it says it's coming from.
  2. Spoofed web links. ...
  3. Spelling, grammar, and layout. ...
  4. Suspicious attachments. ...
  5. Threats or a false sense of urgency. ...
  6. Generic salutation.

What is a real life example of phishing? ›

An email from PayPal arrives telling the victim that their account has been compromised and will be deactivated unless they confirm their credit card details. The link in the phishing email takes the victim to a fake PayPal website, and the stolen credit card information is used to commit further crimes.

What 5 things could identify a phishing email? ›

Frequently Asked Questions
  • Urgent action demands.
  • Poor grammar and spelling errors.
  • An unfamiliar greeting or salutation.
  • Requests for login credentials, payment information or sensitive data.
  • Offers that are too good to be true.
  • Suspicious or unsolicited attachments.
  • Inconsistencies in email addresses, links and domain names.

What information do phishers want? ›

Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information -- such as credit card numbers, bank information, or passwords -- on websites that pretend to be legitimate.

What are the common red flags of a phishing email? ›

Sense of urgency or threatening language. Unfamiliar or unusual senders or recipients. Spelling or grammar errors. Request for money or personal information.

Are phishing attacks increasing? ›

According to recent research from IRONSCALES, 81% of organizations around the world have experienced an increase in email phishing attacks since March 2020, and a recent study by APWG observed a record number of phishing attacks in Q3 2022.

Why phishing attacks are increasing? ›

As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks.

Have phishing attacks increased? ›

Phishing Statistics: USA

In 2021, there were $6.9 billion of total losses reported, compared to $10.3 billion of total losses in 2022. Phishing scams have also drastically increased, with a 1,139% increase in reported phishing attacks from 2018 to 2022.

What is the trend in number of cyber attacks? ›

As the globe becomes more interconnected and reliant on digital technologies, cybercrime is surging. The year 2023 saw a notable increase in cyberattacks, resulting in more than 343 million victims. Between 2021 and 2023, data breaches rose by 72%, surpassing the previous record.


Top Articles
Latest Posts
Article information

Author: Rueben Jacobs

Last Updated:

Views: 5398

Rating: 4.7 / 5 (77 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Rueben Jacobs

Birthday: 1999-03-14

Address: 951 Caterina Walk, Schambergerside, CA 67667-0896

Phone: +6881806848632

Job: Internal Education Planner

Hobby: Candle making, Cabaret, Poi, Gambling, Rock climbing, Wood carving, Computer programming

Introduction: My name is Rueben Jacobs, I am a cooperative, beautiful, kind, comfortable, glamorous, open, magnificent person who loves writing and wants to share my knowledge and understanding with you.