The way in which we now communicate, and work has been entirely re-shaped since the pandemic. In this article we will be discussing the top email threats of 2022.

Most businesses continue to offer hybrid and remote positions to potential candidates. However, this online transition has caused an inevitable increase in cyber threats.

As more businesses choose to communicate via email correspondence, it has created a goldmine opportunity for cyber criminals to target vulnerable and distracted users with their cyber crime antics.

Some of the most popular social engineering trends that we have noticed this year include:


A significant increase in spam and malware content hidden inside of emails.


Spear phishing has noticeably made a bigger appearance in 2022. Cyber criminals posed as an employee of the targeted company by mimicking their email signatures as a way of spreading malware and obtaining private information.


Lastly, widespread spoofing has also played a significant role in social engineering tricks of this year. This attack requires the cyber criminal to alter their email domain name to that of the business that they are targeting. These can be tricky to spot at first, but they commonly are not exact and are misspelled.

The year 2022 has been a busy one for cyber attackers. Researchers have found that during the first six months of this year, we have seen a 48% increase in email attack attempts. What’s more worrying is that 68.5% of these attacks, were considered to be a phishing scam. The scam involves an attacker impersonating a trusted and popular brand in order to trick targeted employees to give out their login credentials.

Interestingly, LinkedIn was the brand of choice for most cyber attackers to pose as.

Malware links and attachments in emails

Malware infected emails take the top email threats of 2022. Cyber criminals would pose as an internal employee of the targeted business, and tempt the recipient to either download a file or click on a link that has been infected by malware.

Each year we see more tactful and sophisticated cyber attack attempts that make them harder to spot. For example, during the course of this year, we have seen cyber attackers gain access to target organisations’ data through malicious emails. Their success was all thanks to how genuine their email correspondence appeared i.e., using the same business domain name and email signatures. When emails appear this genuine, it is harder to spot and challenge them. Ultimately increasing the likelihood of the victim falling to this type of scam.

Cyber attackers will take any opportunity to convince their targets to give them access to their personal information. During early December, there has been an increase in charity impersonation phishing scams. The emails would ask users to donate old equipment and items to a “charity”. Inside of the email, an attachment would be present that outlined a list of “accepted donations”. However, instead of a list, the attachment was in fact a malicious file.

Brand impersonations

Another top email threat of 2022 have been brand impersonations. Cyber threats that involve brand impersonations are everywhere. We see them often in our email inboxes, but these attacks continue to rise and spread to social media and other online platforms. There has been a particularly growing threat on LinkedIn of 22.4% of detected brand impersonation scams (3.5% up from last year).

Why are these scams so successful? It’s all to do with trust and credibility. It is easier to trick someone into doing something if there is trust already built there. Throw in an incentive and you got yourself a deal.

This is the exact reason why you must stay vigilant when doing anything online. Make sure you are taking the time to analyse your emails and online activity. Especially during the busiest time of the year where everyone is doing their last minute Christmas shopping.

How to spot email threats

Each year cyber criminals social engineering tactics become more convincing and harder to spot. To keep your business and employees safe from these email threat attempts, ensure that your IT infrastructure is adequately protected and follows all of the best cyber security practices.

There are ways to increase your email security internally that will block most of the malicious emails from coming in.

Another benefit would be to provide regular cyber security training to your employees. This will provide them with the skills to recognise these scams and reduce the risk of cyber attacks on your business.