Emails with malicious URLs increase by 2,200% in the past year

The number of emails containing malicious URLs increased by nearly 600% in the past three months and by 2,200% in the past year, according to research by Proofpoint.

The Quarterly Threat Report for Q3 2017 also found that the total number of malicious emails sent by cyber criminals increased by 85% in the past quarter, with the explosion in URL attacks being a major factor.

The report, which collects the findings from a daily analysis of emails, social media posts, and malware samples, claims that the third quarter of any year is a “flashpoint for threat researchers,” because the number of attacks spikes and cyber crime trends become clearer.


The surge in malicious URLs continues a pattern that Proofpoint has been tracking throughout the year. It’s the result of the overall increase in email-based threats and the success of URLs compared to attachments in delivering malware.

Proofpoint notes that, in the past quarter, malware that has typically been sent in malicious attachments has reappeared in malicious URLs. The most notable example of this is September 2017’s re-emergence of Locky.

This has caused a 74% drop in the number of emails containing malicious attachments, but that’s not to say they don’t still pose a major threat. Major attack methods, such as ransomware and banking Trojans, are frequently delivered through attachments.

Ransomware accounted for 64% of all email malware attempts – with Locky comprising almost 86% of that total – and banking Trojans accounted for 24%.

Proofpoint also noted a rise in fraudulent domain name registrations. Cyber criminals create websites that look similar to legitimate sites, using them to trick people into handing over personal information. Many organizations have tried to combat the threat by pre-emptively registering domains similar to their own, but Proofpoint reports this has been largely ineffective. For every one domain that organizations register, cyber criminals register twenty.

Outsmarting cyber criminals

These findings show how difficult it is to defend against cyber criminals: they’re sending more and more phishing emails, they frequently change their methods, and they target people’s weaknesses.

Technology can help prevent attacks, but according to Mimecast, 24% of emails that reach users’ inboxes are “unsafe.”

With the constant threat of cyber crime, everyone needs to take back the advantage by learning how cyber attacks work and what to look out for. This will help you anticipate threats and avoid falling victim.

If your organization is concerned about email-based threats, you should enroll staff on our Phishing and Ransomware – Human patch e-learning course.

This course provides an overview of phishing, ransomware, and the link between them. Having completed the course, your employees will be able to:

  • Explain what phishing is
  • Outline the consequences of a phishing attack
  • Describe ransomware and crypto-ransomware
  • Identify how to avoid falling victim to phishing attacks and ransomware
  • List the steps to take if they think they’ve been compromised

Find out more about our Phishing and Ransomware – Human patch e-learning course >>