Email is one of the main technological innovations that has revolutionised the way we understand the world, as well as reconfigured the business model. Since its invention in 1965, the evolution of this means of communication has been groundbreaking, and according to data from Statista, there were already more than 4.260 billion users who used email in 2022, and the number of emails sent on that same date amounted to 330 billion, with a growth forecast of 17.8% by 2026. However, the high use of this technology has also made it one of the most vulnerable: according to Techopedia, more than 3.4 billion phishing emails occur daily, with these attacks being responsible for 90% of data breaches.
On the occasion of National Email Day, Check Point Software Technologies Ltd. is sharing the evolution of email, to see how it has developed to become one of the main communication tools, and in turn, a central point of attack by cybercriminals. According to Check Point Software, currently, more than 90% of attacks on companies originate from malicious emails. In the last thirty days, 62% of malicious files were distributed via email, and it has been shown that one in 379 emails contains this type of file, with the PDF format being the most common, with a frequency percentage of 59%.
Check Point Software also reveals how phishing is predominant in different regions: in India, an organisation has been attacked on average 2444 times per week in the last 6 months, compared to 1151 attacks per organisation globally. Apart from that, EXE is the top malicious file type by email, with 57%
The evolution from the first Email
Email was invented in 1965 by a group of researchers from the Massachusetts Institute of Technology (MIT). It was the first electronic messaging system for internal use, although at that time it differed greatly from what is known today. In 1971, Ray Tomlinson invented the email system with an infrastructure similar to today’s: it was a personal digital mailbox where you could receive messages.
Email began to be used as a method for conducting business starting in 1978, when the first email marketing campaign was launched by Gary Thuerk. However, email was restricted to business use until the late 1980s. Microsoft Mail was the first program launched for users, which also incorporated the option to add attachments in 1992. From that moment, other electronic mailbox options began to emerge: Microsoft Outlook in 1993, Hotmail in 1996, Yahoo Mail, and Gmail.
Email has been one of the most frequent formulas for distributing malware, with attacks as significant as Creeper or Happy99, causing corporate disasters like WannaCry (3.800 million euros) or MyDoom (34.000 million euros). Phishing attacks are one of the most commonly used formulas for distributing malware and ransomware. This kind of cyber threat started in 1996 when the term was first used by America Online (AOL). Cybercriminals created random credit card numbers and opened new accounts on AOL, posing as employees of the service itself to steal users’ credentials. Later, in the 2000s, the concept of ‘Spray and Pray’ emerged, a phishing campaign in which a well-known brand was impersonated to scam potential customers to steal their credentials.
This cyber threat has evolved by employing sophisticated techniques such as identity spoofing and putting Artificial Intelligence and DeepFake technology at their service. Spoofing is a technique where the use of AI is fundamental: the attacker falsifies the email address to impersonate another person or organisation with the main goal of deceiving the recipient into believing that the email is coming from a legitimate source. Ransomware attacks very often use this kind of method to encrypt the victim’s files or lock the entire system until the ransom is paid. According to Check Point Software, 10% of companies worldwide have experienced ransomware attacks, representing a 33% increase compared to the previous year.
The reach of phishing attacks is unlimited and mainly affects large companies: according to Check Point Research (Brand Phishing Report Q1 2024) on phishing attacks, Microsoft was the most targeted (38% of phishing attacks worldwide), followed by Google and LinkedIn. This type of threat can lead to large-scale data leaks, as happened recently with the well-known case “Mother of all Breaches” this January 2024, a supermassive leak of more than 26 billion records that contains LinkedIn, Twitter, Tencent, and other platforms’ user data.
