Spam statistics: a deep dive into unwanted emails

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Are you tired of constantly deleting spam emails? Do you feel overwhelmed by the flood of promotional emails and product offers? Unfortunately, spam has become an ongoing issue that affects individuals and businesses alike. The statistics related to spam are not only concerning but also eye-opening.

To protect organisations and their customers from this persistent threat, it is crucial for senior leaders to understand the impact of spam and the characteristics of messages that are more likely to bypass filters. In this blog post, we explore key spam statistics that highlight the destructive nature of spam attacks.

By analysing these statistics, organisations can enhance their defences and effectively combat spam.

Author’s Top Picks

  • In 2023, 32% of threat actors used email as a pathway to disrupt organisations.
  • The United States of America currently leads as the country of origin of spam emails with 8,765 spam emails sent.
  • Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day.
  • Nearly one in ten (9.9% or 255,222) emails were identified as malware compromised.

Spam statistics

1. In 2023, 32% of threat actors used email as a pathway to disrupt organisations.

Threat actors are constantly looking for new ways to evade cyber-threat detection. Over the years, email has been a great method to deceive finance professionals as a means to disrupt organisations. For organisations, email is still a common form of communication between stakeholders. Considering that email remains a prevalent mode of communication for stakeholders, it becomes an avenue for threat actors to exploit.

2. The total number of business and consumer emails sent and received daily will exceed US$333 billion in 2022 and is forecast to grow to over US$392 billion by year-end 2026.

According to Radicati research, email usage demonstrates robust growth among both consumer and business users. Considering the enduring nature of this universal communication method, it is imperative for individuals to proactively explore protection measures.

3. In 2022, nearly 49% of all e-mails globally were identified as spam, up from 46% in 2021.

Each year, cyber-criminals are advancing in their sophistication, leveraging automated technology to streamline spam content. These malicious actors can send thousands of emails daily, posing a significant threat. It is alarming to note that a single click on an unsuspecting link can trigger a virus, resulting in a potential data breach.

4. The United States of America currently leads as the country of origin of spam emails with 8,765 spam emails sent.

The detection systems of the AV-TEST institute go beyond identifying the quantity and nature of spam emails; they also track their origins. Apart from the United States, Russia stands in second place, responsible for 2,585 spam emails sent, followed by Germany with 1,262 spam emails sent. It is important to note that a portion of these emails contains malicious software like the CVE2017-11882, FakeLogin, Agent and the DTT trojan. For more information, AV-Test provides a list of countries of where spam typically originate from.

5. In 2023, 18 million emails were reported by the State of the Phish organisations over 12 months.

Multi-factor authentication (MFA) is a cost-free solution that combats spam emails effectively. Other solutions that users can implement are anti-spam software or incorporating cybersecurity awareness training. According to Proofpoint’s research, they suggest starting the defence against these attacks by asking critical questions such as identifying the targeted individuals within the organisations and determining key priorities.

6. Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day.

Phishing emails are easy to orchestrate and oftentimes combine social engineering tactics to deceive targeted individuals. Phishing emails typically bait their victims with a malicious link or attachment. Sometimes, these attacks can be difficult to detect.

7. Spam accounts for 14.5 million messages globally per day. This makes up 45% of all emails according to research.

Spam laws further reinforce the fact that the United States holds the top position as the largest generator of spam emails. Email spam statistics reveal that advertising-related emails dominate the landscape, constituting approximately 36% of all spam folders and messages.

8. Scams and fraud comprise only 2.5% of all spam emails, however, identity theft makes up 73% of this figure.

According to a study conducted by Radicati Research, the research firm calculate that spam cost businesses $20.5 billion annually in decreased productivity. This doesn’t include the indirect costs of spam emails such as business disruption and reputational costs.

9. In 2022, the number of unknown malware threats spiked to 3.8 million, indicating a substantial 46% surge according to Trend.

When comparing the detection of malicious files by Trend, it becomes evident that the instances of unknown malware experienced a significant surge in 2022, with 3,757,812 cases identified, surpassing the 2,567,642 instances recorded in 2021. It’s worth mentioning that during the same period, the number of known malware files witnessed a decline of 32%. This suggests that cyber-criminals are continuously developing new forms of malicious software to evade detection.

10. According to Google, Gmail blocks more than 100 million spam emails per day.

Google Security maintains a proactive approach to staying ahead of evolving cyber threats by continuously enhancing its cybersecurity solutions. The tech giant’s machine-learning models have proven to be highly effective, successfully blocking over 99.9% of spam, phishing, and malware from reaching Gmail inboxes.

Most common types of spam attacks

11. Nearly one in ten (9.9% or 255,222) emails were identified as malware compromised.

According to the study conducted by the AIC, URL shortening is frequently used when embedding links in emails. This spamming technique is used to evade detection and blacklisting to spread malicious content. For example, cyber-criminals disguise a trusted original URL that leads to a phishing website. Unfortunately, this powerful technique may also deceive anti-virus programs.

12. According to Proofpoint’s latest state of phish report, 83% of respondents were hit by at least one successful email-based phishing attack in 2022.

In addition to malware distribution through spam emails, ransomware, a prevalent form of malware is increasingly recognised as a common attack method. As we’ve seen in the news, ransomware has targeted high-profile organisations causing millions of dollars in business disruption.

13. Scamwatch received 14,603 reports about bank impersonations with more than $20 million reported lost. More than 90 of these reporters individually lost between $40,000 and $800,000.

Email impersonation scam is a type of phishing technique that involves using a fake email address that appears to look like it’s coming from a legitimate source. Unfortunately, bank impersonations are just one of the types of impersonations that scammers love to utilise. Not only are they distributed through email but also via phone calls or text messages. This makes it harder to identify which one is legitimate or fake.

14. Another new spam attack involves unpaid road toll impersonations. According to Scamwatch, in Australia, a total of 14,858 reports were received in 2022 with reported losses of $664,093.

To ensure your safety, it is advisable to exercise caution and deliberate before responding to impersonation scams. These scams often create a sense of urgency or threat within these scams. If you encounter any such activity, it is important to report the scam promptly via your manager, the Scamwatch website or your local Police.

Spam research indicates that it is not recommended to respond to spam messages. According to Cloudmark, responding to spam messages can have adverse consequences, as at least 25% of individuals who responded experienced an increase in the amount of spam junk received. Therefore, it is advised to refrain from engaging with spam messages to minimise the potential negative effects and avoid further inundation with unwanted spam.

16. On average, Australians receive 4.98 scam calls, emails, SMS and social media messages per week.

Spammers often create fake accounts to send friend requests or unsolicited messages on social media platforms. They can achieve this via automated scripts and bots. Spammers can use automated scripts or bots that can rapidly generate and register multiple fake accounts in bulk. Similar, to how bulk spam emails are sent.

Impact on individuals and businesses

17. Nucleus Research estimates that the average loss per employee annually because of spam is approximately $1,934.

Spam attacks can have several negative impacts on an employee, both personally and professionally. For example, an employee may experience productivity loss. Spam emails are constantly flooding individuals’ inboxes every year. Leading to a waste of time and energy in sorting through and deleting unwanted messages. Other negative impacts include security risks, reputation damage and increased stress.

18. People aged 65 and over are falling victim to scams more frequently than any other age group with the most reported financial losses.

Scams and spam attacks can impact anyone, no matter the age. However, statistically, certain age groups may be more vulnerable or targeted. Elderly individuals, typically those aged 60 and above are often considered more susceptible to spam attacks. This is primarily due to factors like limited technical knowledge, or less familiarity with only security practices.

19. 30% of email users are concerned that their filters might filter genuine incoming emails.

Most email users are worried that their filters might filter genuine incoming emails due to the potential for false positives. False positive occurs when a legitimate email is mistakenly identified as spam and is filtered out. If this occurs, users must review their filtering system or software for any technical issues.

20. Attacks against the financial sector represented 27.7% of all phishing attacks in 2022. This was recorded as the largest set of attacks against an industry.

Since January 2019, there has been an exponential growth in phishing attacks, with each month witnessing an increase. The year 2022 marked another significant milestone in phishing attacks, as the APWG recorded over 4.7 million attacks. These statistics carry crucial implications for business. In the midst of 2023, it becomes imperative for organisations to prioritise their cybersecurity strategy to mitigate the risks of cyber-attacks.

21. Last year, Australians reported more than 74,000 phishing attacks with financial losses of more than $24.6 million according to Scamwatch.

It’s important to stay vigilant and exercise caution when dealing with emails, especially those from unknown or suspicious sources. It’s best practice to avoid clicking on unfamiliar links, downloading suspicious attachments or providing personal information. As we move on to combating the spam epidemic, users should look to implement security solutions like email authentication protocols like SPD, DKIM or DMARC.

Combating the spam epidemic

22. Gartner announced its prediction that board governance will evolve by 2025 with 40% of boards will have a dedicated cyber security committee.

A cybersecurity committee plays a crucial role in an organisation’s ability to combat cyber-crime effectively. This committee brings together a diverse range of expertise, driving proactive risk management and more. Bringing together a committee can have numerous benefits to staying ahead of cyber-criminals. Its contributions are vital for the organisation’s success in maintaining robust cybersecurity measures.

23. Anti-spam software market is expected to reach $22 billion by 2030.

According to Cognitive Market Research, the Global Anti-Spam Software market was valued at USD 4.62 billion in 2022 and is projected to reach USD 22.03 billion by 2030. The market’s consistent growth can be attributed to the widespread occurrence of cyber-attacks. Notably, the study highlights the transformative impact of emerging technologies, such as artificial intelligence (AI).

24. Data reporting samples were taken from an anti-spam device and within one month it had obtained spam by 17.56%.

According to a study conducted by the IOP, spam emails are sent extensively and without the recipient’s consent, violating their authorisation. The study identified various types of email security threats, including spam, spoofing, imposter, and bulk emails. The findings strongly emphasise the necessity of anti-spam device technology to counteract these threats effectively.

25. According to a 2022 study released by the Cyber Readiness Institute, 46% of small business owners claim to have implemented MFA methods.

By implementing MFA, organisations significantly strengthen their security posture and reduce the risk of a successful cyber-attack. It adds an extra layer of protection, making it harder for attackers to compromise accounts like email accounts or user accounts. MFA enhances authentication security and helps prevent unauthorised access to devices or data.

26. The most convenient multi-factor authentication method used worldwide is a smartphone (73%).

Other than utilising anti-spam software, there are other effective ways to combat spam. One effective method is through employee education and awareness. Educating users about the risk associated with spam emails and guiding how to identify them can be effective. Cybercriminals use psychological tricks to deceive employees by relying on human error. By differentiating a legitimate email and a spam email, users can avoid downloading suspicious attachments.

27. In 2022, 72% of entities had a cyber security strategy, up from 61% in 2021.

The cyber threat landscape has evolved significantly over the past several years, with each attack becoming more sophisticated and frequent The rising number and severity of these cyberattacks have compelled organisations to prioritise cybersecurity to safeguard their intellectual property, data and financial assets.

28. 68% of entities provided cyber security training for their workforce at least annually.

Executives who are looking to implement cybersecurity training should do so on a year-by-year basis. Cyber security training should cover a wide range of attacks including common threats like phishing, social engineering tactics, business email compromise attacks and more. For more information, we teach you how to combine your cybersecurity strategy with financial controls to create an effective cyber-crime strategy.

The Commonwealth Cyber Security Posture 2022 report demonstrate that email security, email encryption and website encryption have grown from Feb 21 to May 22. Free email hosting services like Microsoft Office 365 and Google Workspace offers a range of security protocols that make it easy for small businesses to implement.

30. Mimecast’s cloud-based spam filtering service blocks 99% of spam messages with 0.0001% false positives.

Cloud-based spam filtering is an advanced method used to filter and block spam emails by utilising a cloud-based service. Unlike traditional software or hardware solutions, cloud-based spam filtering offers the ability to handle large volumes of email traffic effectively. This makes it an invaluable tool, especially for businesses experiencing significant email scaling needs.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.