85 percent spam email contains a link to download data rather than attached files

There’s a new technique used by spammers in Malspam that contains malicious URLs instead of file attachments and this surely needs our attention.

According to a report, more than 85% of malware email also known as malspam sent in months between April to June contained links to download malicious files instead of file attachments. This information was gathered by a cyber-security firm named Proofpoint in its Q2 2019 report.

According to the report, the category of spamming users with malicious URLs is trending and is also being dominated as the favorite way to spread malicious content to various users via email. We think that spam operators are not stupid enough to spend their time and money on the stuff that might not help them efficiently. So instead we think this new email spamming technique might be providing spammers with more clickthroughs and infections as compared to the previous technique of attaching files to emails and we think the malspam sent nowadays turn out to be more convincing to users as compared to malicious file attachments.



According to Proofpoint, although the dominance of URLs might be due to majority other factors but we think one of the reasons behind this new strategy is that maybe the end-users were kind of getting more suspicious about file attachments in unknown emails and this new strategy might be a way to avoid that. URLs are used by so many business owners in the emails on regularly basis to help employees with access to shared files or collaboration updates via email as organizations move to the cloud. So the use of URLs in malspam is something more convincing for end users which can make more users victim of these malicious email attacks.

The detailed analysis by Proofpoint in the malspam is something that needs attention from the cyber-security market and companies should also focus on providing people with anti-phishing training programs to help them be prepared of the trending spam attacks accordingly.


According to a previous report by Proofpoint, 99% of the email attacks require human interaction and it usually happens when the potential victim open files, clicks on the links or does any sort of action that might make the cyberattack activate.

A little training taught to the users can help them detect these kinds of malicious email spams and can also help avoid these malicious attacks in the future.

The Threat Report by Proofpoint Q2 2019 displays the following insight of malicious attacks

· More than 57% of malspam is done with the use of domain spoofing.

· More than 37% of emails were a victim of Botnet-based malware and it was one of the most popular payloads sent via malspam campaigns.

· After the Botnet-based malware, banking Trojan was the second-highest malware attack affecting 23% emails, info-steals third with 16%, malware loads ranking fourth with 8%, remote access trojans at 6% and backdoor Trojans with least affecting emails of 5%.

· According to a recent analysis, the ransomware cyber-attack was virtually absent in Q2.



Along with updating technologies, these malicious attacks are also being modified so companies need to provide some training sessions to aware people of trending malware attacks and ways to avoid it.

Read next: An increase of 21% noticed in phishing attacks in Q2 2019, says a Report by Kaspersky
Previous Post Next Post