Malicious actors are increasingly exploiting email to impersonate brands, launch phishing campaigns, and spread false information — often using sophisticated methods made simpler by emerging technologies.
A new report from Valimail shows that email continues to be the most exploited attack vector for cybercriminals and disinformation campaigns, with artificial intelligence dramatically increasing the sophistication of these threats.
“In 2024, we witnessed some of the most sophisticated email-based attacks in history,” says Al Iverson, industry research and community engagement lead at Valimail. “From North Korean targeting of vulnerable domains to widespread supply chain attacks on US municipalities and general attacks on educational institutions, cybercriminals are exploiting weaknesses in email systems with increasing precision, eroding trust in digital communications.”
AI-generated emails now more than ever can convincingly mimic legitimate communications, dramatically increasing the success rate of phishing and spoofing attacks. Every sector from financial services to healthcare, government, and education faces significant email-based threats, with varying levels of preparedness.
Although more than 7.2 million domains have implemented some form of email authentication, such as DMARC, approximately half remain insufficiently protected against domain spoofing. The report shows that DMARC continues to be a highly effective approach that can authoritatively prevent the most pernicious spoofing attacks when properly implemented.
“What’s particularly concerning is that while many organizations have taken initial steps toward securing their email domains, a significant percentage have implemented overly permissive or non-protective policies,” says Valimail co-founder and CEO Alexander GarcÃa-Tobar. “This creates a false sense of security while leaving these organizations vulnerable to impersonation attacks that can damage reputation, erode customer trust, and compromise sensitive information.”
You can get the full report from the Valimail site.
Image credit: lightkeeper/depositphotos.com
