Key Findings
24% of email messages overall are now malicious or unwanted spam.
Bitcoin sextortion scams account for 12% of malicious PDF attachments.
83% of malicious Microsoft documents contain QR codes designed to take users to phishing websites.
As many as 20% of organizations experienced at least one attempted or successful account takeover (ATO) incident per month.
47% of email domains do not have Domain-based Message Authentication, Reporting and Conformance (DMARC) configured to protect against unauthorized use, including spoofing and impersonation attacks.
23% of HTML email attachments are malicious, making them the most weaponized text file type detected. More than three-quarters of the malicious files detected overall were HTML files.
68% of malicious PDF attachments contain QR codes designed to take users to phishing websites.