---
title: "Emerging Email Security Threats in 2023 | DuoCircle"
description: "With the continued evolution of technology, new and emerging email security threats are expected to arise in 2023."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/email-security/emerging-email-security-threats-in-2023/"
---

Quick Answer

Five email security threats stood out in 2023\. 1) AI-driven phishing: machine learning analyzes social media to craft personalized lures matching the target's writing style and channel preferences, and kits increasingly bypass MFA via proxy attacks and MFA fatigue. 2) Business Email Compromise: BEC losses reached roughly $2.4 billion in 2021 per the FBI's IC3, and attackers shifted from impersonating executives toward mid-level employees with plausible backstories; defense relies on layered email security and out-of-band verification of fund or data requests. 3) Supply-chain attacks and account hijacking: attackers compromise vendors or take over real accounts to inject phishing into existing threads; defense includes vendor risk assessments, 2FA, updated AV/anti-malware, and email filtering for spam and graymail. 4) Ransomware: Ransomware-as-a-Service lowers the skill bar and double-extortion (steal then threaten leak) is common; defense is multi-layered with backups, awareness training, current security software, and an incident response plan. 5) Productivity-suite security: integrating email security with file sharing, IM, and user profiles is becoming the model, and API-based email security tools give SMBs and MSPs a single interface for cross-tool threat detection.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Femail-security%2Femerging-email-security-threats-in-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Emerging%20Email%20Security%20Threats%20in%202023&url=undefined%2Fblog%2Femail-security%2Femerging-email-security-threats-in-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Femail-security%2Femerging-email-security-threats-in-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Femail-security%2Femerging-email-security-threats-in-2023%2F&title=Emerging%20Email%20Security%20Threats%20in%202023 "Share on Reddit") [ ](mailto:?subject=Emerging%20Email%20Security%20Threats%20in%202023&body=Check out this article: undefined%2Fblog%2Femail-security%2Femerging-email-security-threats-in-2023%2F "Share via Email") 

![Emerging Email Security Threats](https://media.mailhop.org/duocircle/images/2023/03/spf-validator-7394.jpg) 

_With the continued **evolution of technology**, new and emerging email security threats are expected to arise in 2023\. This article looks at the emerging email security **threats** in 2023 and how to protect against these._

[Email security](/content/email-security-services/types-of-email-security) threats have been a **constant concern** for businesses in recent years, and the landscape is only becoming more complex. As technology advances, so do the tactics of cybercriminals, and organizations must stay ahead of the curve to protect their sensitive data. In 2023, emerging email security **threats** are set to cause even more havoc, and businesses must understand these risks and take steps to protect themselves. Let us see the emerging email security threats in 2023.

## Sophisticated Phishing Attacks Using AI (Artificial Intelligence)

[Phishing](/content/phishing-prevention/what-is-phishing) is the top cyber security concern for almost [50%](https://www.linkedin.com/feed/update/urn:li:activity:7026989966698156032/) of CISOs (Chief Information Security Officers) and CIOs (Chief Information Officers). With the increasing **prevalence of AI** in [cybersecurity](/), cybercriminals use AI to create more sophisticated and effective phishing campaigns. These campaigns use machine learning algorithms to analyze large social media datasets and other publicly available information to craft **convincing phishing emails** tailored to the individual recipient.

_AI-enabled phishing campaigns can mimic the writing style of the recipient, include personal details, and use the recipient’s preferred communication channels._ Such **personalization** can make it much more difficult for individuals to spot a phishing attempt, as the email appears to be from a legitimate source. Furthermore, it is expected that [phishing attacks](/resources/how-does-a-phishing-attack-work) will **target MFA** and services.

> As per the Director of Customer Services at Vade Secure, “We’ll see more phishing campaigns that are able to **circumvent** [MFA](/email-security/what-is-multi-factor-authentication-for-emails-and-is-it-essential) by acting as a proxy with the real authentication system or by tricking users who have **MFA fatigue**.”

## How to Protect Against AI-enabled Phishing?

To mitigate this risk, your organization must implement **top-tier anti-phishing solutions**. These solutions are designed to identify suspicious **signs of phishing emails** and prevent malicious content from reaching recipients’ inboxes. By deploying anti-phishing solutions, you can significantly reduce the likelihood of employees falling prey to phishing scams and inadvertently granting [hackers](/email-security/hackers-leak-twitter-account-data-putting-235-million-worldwide-at-risk/) access to your network.

## Rise in BEC (Business Email Compromise)

Email security is **critical** in protecting against BEC attacks, which are becoming **increasingly** prevalent and lucrative for cybercriminals. In fact, BEC-related losses amounted to nearly [$2.4 billion](https://www.ic3.gov/Media/PDF/AnnualReport/2021%5FIC3Report.pdf) in 2021, says the FBI’s Internet Crime Complaint Center.

These scams use **spoofed emails** that appear to come from a trustworthy source, such as an organizational executive, employee, or vendor, and typically request the recipient to transfer funds urgently. Cybercriminals employ manipulative [social engineering](/phishing-protection/social-engineering-is-a-growing-threat/) tactics to pressure their victims into **acting quickly**.

While some of these emails are blatantly fake, filled with grammatical errors, and repeatedly sent to the same [payroll](https://www.bbc.com/news/technology-59683889) employee, others appear legitimate and contain a plausible backstory to **enhance credibility**. Previously, fraudsters typically impersonated enterprise executives, but recently, there has been a **shift in tactics**, with mid-level employees being imitated more frequently, a trend that will rise in 2023.

[![Business Email Compromise](https://media.mailhop.org/duocircle/images/2023/03/dkim-selector-7395.jpg)](https://media.mailhop.org/duocircle/images/2023/03/dkim-selector-7395.jpg)

## How to Protect Against BEC?

To guard against [BEC attacks](https://www.infosecurity-magazine.com/news/bec-attacks-surge-81-in-2022/) and other email security threats, individuals and organizations should implement robust **email security** measures and **exercise caution** when handling emails, particularly those that request the transfer of funds or personal information. _Regularly reviewing and updating email security protocols is also advisable to stay ahead of evolving cyber threats._

## Surge in Supply Chain and Hijacking Techniques

[Supply-chain attacks](https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/supply-chain-malware?view=o365-worldwide) refer to cyber threats that infiltrate an organization’s systems by impersonating or compromising vendors with access to those systems. On the other hand, **hijacking** refers to attacks in which hackers use **compromised accounts** to join existing email communications or create new ones to deploy phishing or [spear-phishing](/content/spear-phishing-protection/spear-phishing-examples) attacks.

As organizations increasingly invest in [phishing awareness training](/phishing-awareness-training) to strengthen their email security defenses, the **human element** remains their greatest vulnerability to cyberattacks. However, this **improvement** in user awareness will force attackers to evolve their methods.

With users becoming more proficient at **identifying and reporting** common phishing scams, hackers will adjust their strategies by impersonating suppliers or customers, leading to an **increase** in supply-chain attacks and hijacking.

## How to Protect Against Supply Chain and Hijacking Techniques?

To protect against supply chain threats and hijacking techniques in email security, organizations should conduct **regular** third-party vendor [risk assessments](https://www.itgovernanceusa.com/cyber-security-risk-assessments) to assess the security posture of vendors and suppliers with access to the organization’s systems. _They should also implement **2FA** to reduce the risk of account takeover, update_ anti-virus _and anti-malware tools, and scan systems for related issues._

On the other hand, using **email filtering tools** that can catch spam and [graymail](https://www.techslang.com/definition/what-is-graymail/) and investing in phishing awareness training to strengthen the human element of their **cyber defenses** is crucial for organizations.

## The Dominance of Ransomware Attacks Will Continue

Ransomware attacks are expected to be one of the emerging email security threats in 2023\. These types of [cyberattacks](https://www.latestly.com/agency-news/world-news-cyberattack-hits-major-hospital-in-spanish-city-of-barcelona-4916780.html) have been a prevalent threat in recent years, and they are projected to **continue to evolve** in sophistication and severity, making them **difficult to detect** and mitigate. Hackers are expected to become even more skilled at evading detection and exploiting vulnerabilities to spread ransomware.

[Ransomware-as-a-Service (RaaS)](https://www.techopedia.com/definition/32410/ransomware-as-a-service-raas) is a source of revenue for cybercriminals, and it allows **less-skilled hackers** to access sophisticated ransomware to turn a profit. Additionally, **double extortion**, which involves stealing sensitive data and then threatening to leak it to gain leverage over victims, is another **popular tactic** among ransomware gangs.

_[Threat actors](/email-security/threat-actors-are-using-google-ads-to-launch-sophisticated-phishing-campaigns/), especially those with less expertise, are expected to continue leveraging RaaS to gain access to **sophisticated** ransomware tools and make a profit._

[![Ransomware-as-a-Service ](https://media.mailhop.org/duocircle/images/2023/03/windows-smtp-service-7396.jpg)](https://media.mailhop.org/duocircle/images/2023/03/windows-smtp-service-7396.jpg)

## How to Protect Against Ransomware Attacks?

_Organizations should go for a **multi-layered security** approach that includes regular backups of essential data, employee security awareness training, and up-to-date security software._ It’s necessary to have a **solid incident response plan** in place to detect and respond to any [ransomware attacks](/resources/ryuk-ransomware-attacks) quickly.

Organizations should also **regularly review** and test their security measures to ensure their effectiveness against the latest threats. Finally, it’s essential to be cautious of suspicious emails and avoid clicking on links or downloading attachments from unknown sources since ransomware is mostly dropped using **phishing emails**.

## Organizations Will Need to Prioritize Productivity Suite Security Over Email Security in 2023

[Productivity suite](https://smallbusiness.chron.com/productivity-suite-computers-70853.html) security integrates email security with other collaborative tools such as file-sharing applications, instant messaging, and user profiles. As organizations **increasingly rely** on these tools to drive productivity, productivity suite security is poised to supplant email security in 2023.

Hackers benefit from the sheer volume of **daily emails**, requiring organizations to triage vast amounts of data to detect threats. Integrating email security with other collaborative tools will allow organizations to detect and remediate threats from one interface, providing SMBs (Small-to-Medium-sized Businesses) and [MSPs (Managed Service Providers)](/msp-partner-program) with a **comprehensive solution** that enhances productivity suite security.

**API-based** email security alternatives, which integrate email security with internal networks, provide comprehensive [threat intelligence](https://www.eccouncil.org/cyber-threat-intelligence/), and detect low-volume threats, are emerging as the future of email security. These alternatives will allow organizations to leverage information from the email to protect collaborative tools and defend against **highly targeted attacks**.

As a result, organizations will increasingly turn to productivity suite security to protect against **email-borne threats** and keep pace with hackers in 2023.

## Final Words

The year 2023 brings **new** challenges for email security, with emerging threats such as ransomware attacks, supply chain hijacking, and phishing scams becoming more [sophisticated](https://www.darkreading.com/attacks-breaches/sophisticated-cyberattack-campaign-targets-defense-contractors) and **challenging to detect**.

Businesses must proactively adopt **new technologies**, enhance employee training, and implement the latest security measures. With the right approach and tools, organizations can stay ahead of these emerging email security threats and continue to **operate confidently** in the digital age.

## Topics

email securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  Email Security 7m  10 Crucial Tips that Will Help You Avoid Spam Filters and Send Better Emails  Feb 14, 2023 ](/blog/email-security/10-crucial-tips-that-will-help-you-avoid-spam-filters-and-send-better-emails/)[  Email Security 18m  Data Privacy And Protection: 11 Ways To Protect User Data  Jul 28, 2022 ](/blog/email-security/data-privacy-and-protection-11-ways-to-protect-user-data/)[  Email Security 4m  Google Workspace: Advanced Email Security Solutions  Aug 9, 2023 ](/blog/email-security/google-workspace-advanced-email-security-solutions/)[  Email Security 7m  Hackers Leak Twitter Account Data, Putting 235 Million Worldwide at Risk  Jan 17, 2023 ](/blog/email-security/hackers-leak-twitter-account-data-putting-235-million-worldwide-at-risk/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Emerging Email Security Threats in 2023","description":"With the continued evolution of technology, new and emerging email security threats are expected to arise in 2023.","url":"https://www.duocircle.com/blog/email-security/emerging-email-security-threats-in-2023/","datePublished":"2023-03-09T16:27:05.000Z","dateModified":"2025-06-24T15:57:03.000Z","dateCreated":"2023-03-09T16:27:05.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/email-security/emerging-email-security-threats-in-2023/"},"articleSection":"email-security","keywords":"email security, News, Security, Updates","wordCount":1260,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/03/spf-validator-7394.jpg","caption":"Emerging Email Security Threats","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Email Security"},{"@type":"ListItem","position":3,"name":"Emerging Email Security Threats in 2023","item":"https://www.duocircle.com/blog/email-security/emerging-email-security-threats-in-2023/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Email Security","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Emerging Email Security Threats in 2023","item":"https://www.duocircle.com/blog/email-security/emerging-email-security-threats-in-2023/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Emerging Email Security Threats in 2023","description":"With the continued evolution of technology, new and emerging email security threats are expected to arise in 2023.","url":"https://www.duocircle.com/blog/email-security/emerging-email-security-threats-in-2023/","datePublished":"2023-03-09T16:27:05.000Z","dateModified":"2025-06-24T15:57:03.000Z","dateCreated":"2023-03-09T16:27:05.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/email-security/emerging-email-security-threats-in-2023/"},"articleSection":"email-security","keywords":"email security, News, Security, Updates","wordCount":1260,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/03/spf-validator-7394.jpg","caption":"Emerging Email Security Threats","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```