
Email is one of the most used communication platforms in the world. That global adoption, especially in business communications, also makes it an attractive target for cybercriminals.
Email remains a leading delivery route for cyberattacks. A recent report by Check Point points out that 68% of all global attacks were delivered through emails. Furthermore, 61% of malicious emails delivered contain HTML attachments while 22% include PDFs.
These statistics point to one thing: email security must be tightened. Whether the account is organizational or personal, proactive measures toward your email safety shouldn’t be an afterthought.
The Role of Email in Cyberattacks
Almost everyone with internet access uses email, making it a highly effective tool for attackers to target a large audience. There were over 4.258 billion active email users worldwide as of 2022.
Unlike other forms of communication, email allows cybercriminals to reach individuals and organizations directly, often bypassing traditional security barriers such as firewalls or intrusion detection systems.
Phishing is one of the most common, if not the most common, threats to email security. Using Artificial Intelligence and Cybercrime-as-a-Service (CaaS), attackers craft highly convincing, personalized emails that deceive individuals, exploit their trust, and demand that they take action: click on a link or download a file.
There is a real chance that a clicked link or a downloaded file is malicious, and when it is, the security of your data or organization is never guaranteed.
How Attackers Use HTML and PDF Attachments
Cybercriminals often use HTML files as email attachments because they can easily hide malicious code inside them that runs automatically when the file is opened. These files can look completely harmless at first glance, but once opened, they can trick users into entering their personal information or even downloading harmful software onto their devices without their knowledge.
A common example is when attackers send fake login pages disguised as real websites. These fake pages ask users to input their usernames and passwords, which are then stolen by the attackers.
PDFs, which many people trust because they are commonly used for official documents like reports and invoices, are often used in the execution of attacks. Cybercriminals can hide malicious content in PDFs, which can launch harmful programs or direct victims to phishing websites when opened.
One of the tricks they use is hiding JavaScript inside the PDF, which can automatically execute actions such as downloading malware or taking users to fraudulent websites.
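A defender-side triage check for the two attachment tricks described above, as an added example that is not part of the original article: it parses a raw message and flags HTML attachments with password fields, remote-posting forms or scripts, and PDFs whose raw bytes name JavaScript or auto-run actions. The function names, finding labels and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# PDF names for embedded JavaScript and auto-run or launch actions.
PDF_TOKENS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")

class HtmlScan(HTMLParser):
    """Collects traits of a fake login page inside an HTML attachment."""
    def __init__(self):
        super().__init__()
        self.findings = set()
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.findings.add("html:script")
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.findings.add("html:password-field")
        elif tag == "form" and re.match(r"\s*https?://", a.get("action", ""), re.I):
            self.findings.add("html:form-posts-to-remote-host")

def scan_attachment(filename, data):
    """Return sorted finding labels for one attachment's raw bytes."""
    name = (filename or "").lower()
    if name.endswith((".html", ".htm")):
        scanner = HtmlScan()
        scanner.feed(data.decode("utf-8", errors="replace"))
        return sorted(scanner.findings)
    if name.endswith(".pdf") or data.startswith(b"%PDF-"):
        # Whole-name match only, so /JS does not fire on a longer name.
        return sorted("pdf:" + t.decode() for t in PDF_TOKENS
                      if re.search(re.escape(t) + rb"(?![A-Za-z0-9])", data))
    return []

def scan_message(raw):
    """Parse a raw RFC 5322 message and scan each attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): scan_attachment(p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed message: fake-login HTML plus a PDF with auto-run JavaScript."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    html = '<form action="https://login.example.net/p"><input type="password"></form>'
    pdf = b"%PDF-1.7\n1 0 obj << /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj\n"
    msg.add_attachment(html, subtype="html", filename="invoice.html")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()
```

The PDF check reads raw bytes only, so it misses names hidden in compressed object streams; treat an empty result as no signal, not as a clean verdict.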
How to Protect Yourself Against Email Threats
- Verify with the sender – If unsure, contact the sender through another method before opening an attachment.
- Look out for usual suspects – Look for red flags like urgent requests, misspellings, or unfamiliar senders.
- Avoid clicking on unexpected attachments – Never open HTML or PDF files from unknown or suspicious sources.
- Hover over links before clicking – Check if the link matches the sender’s claimed website.
- Enable email filtering – Use spam filters to block suspicious emails before they reach your inbox.
- Turn on Multi-Factor Authentication (MFA) – This adds an extra layer of security, even if attackers steal your password.
- Keep software updated – Regularly update your email client and security software to patch vulnerabilities.
Bonus: Always scan all URLs sent via email with online malicious-URL scanners like VirusTotal.