--- title: "What we Know from the Latest Email Threat Research | DuoCircle" description: "The latest Threat Intelligence Report is out. Its findings are based on an analysis of 195 billion emails analyzed from January through June 2020." image: "https://www.duocircle.com/images/og-default.png" canonical: "https://www.duocircle.com/blog/phishing-protection/what-we-know-from-the-latest-email-threat-research/" --- Quick Answer Mimecast's 2020 Threat Intelligence Report analyzed 195 billion emails between January and June 2020 and found 47% were flagged as malicious or spam. Key trends: attackers focused on monetary gain rather than IP theft; COVID-19-themed campaigns dominated, with vertical-specific lures (healthcare, government, essential services) tailored for industry-specific terminology; ransomware activity rose; file-compression attachments were the dominant delivery format even after Emotet's pause; the majority of attacks were hybridized, mixing techniques; and impersonation detections increased 30% from January to April 2020 as remote work expanded the BEC attack surface. The takeaway: attackers reuse research and templates across verticals, so defenders need email authentication, gateway filtering, and post-delivery scanning, not signature-only tools. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fphishing-protection%2Fwhat-we-know-from-the-latest-email-threat-research%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=What%20we%20Know%20from%20the%20Latest%20Email%20Threat%20Research&url=undefined%2Fblog%2Fphishing-protection%2Fwhat-we-know-from-the-latest-email-threat-research%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fphishing-protection%2Fwhat-we-know-from-the-latest-email-threat-research%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fphishing-protection%2Fwhat-we-know-from-the-latest-email-threat-research%2F&title=What%20we%20Know%20from%20the%20Latest%20Email%20Threat%20Research "Share on Reddit") [ ](mailto:?subject=What%20we%20Know%20from%20the%20Latest%20Email%20Threat%20Research&body=Check out this article: undefined%2Fblog%2Fphishing-protection%2Fwhat-we-know-from-the-latest-email-threat-research%2F "Share via Email") ![email threat](https://media.mailhop.org/duocircle/images/2020/08/SMTP-email-9651.jpg) The latest [Threat Intelligence Report](https://www.mimecast.com/globalassets/documents/whitepapers/threat-intelligence-report-black-hat-usa-2020.pdf) is out. Its findings are based on an analysis of **195 billion emails** analyzed from January through June 2020\. Of that large number, _an astonishing 47% were flagged as malicious or spam_. It won’t come as a shock to learn that there were two main themes in the **threatening emails** this spring. According to [HelpNetSecurity](https://www.helpnetsecurity.com/2020/08/04/analysis-of-92-billion-rejected-emails-uncovers-threat-actors-motivations/), “Two main trends ran throughout the analysis: _the desire for attacker’s monetary gain and continued reliance on COVID-19-related campaigns, especially within certain vertical industries_.” From the report, “One of the most significant observations of this research is that threat actors are launching opportunistic and **malware-based campaigns** across multiple verticals at volumes never seen before.” It’s interesting to note the attackers’ emphasis on verticals, but it does make sense. _So much of what threat actors do is to craft targeted emails with industry-specific terminology_. After all, they are i**mpersonating an insider**. After they do all that research and craft the emails, _it only makes sense for them to want to use that information and those emails more than once_. And information from the report confirms this. “Alongside this **malicious software**, threat actors have increased their sender impersonation efforts, seeking to take advantage of the circumstances of the ongoing pandemic with [business email compromise](/email-security/the-newest-business-email-compromise-request-gift-cards/) containing multiple forms of social engineering. In fact, researchers found impersonation detections had **increased by 30%** from January to April 2020\. _The ongoing pandemic has increased the attractiveness of BEC attacks_, so that criminals can take advantage of the circumstances prevailing during the periods of stay-at-home orders across many U.S. states.” Here are the main findings from the report: - Significant attacks came from organized criminal groups for primarily monetary gain, _instead of focusing on intellectual property theft_. - Verticals with “essential” status during the pandemic were repeatedly targeted. - Ransomware is on the rise, placing businesses at greater risk of **ransomware attack**. - Attackers choose **file compression** as their main attack delivery format despite Emotet’s halt in activity. - The majority of attacks were **hybridized**. - **Impersonation attacks** continue to accelerate as threat actors sought to sow confusion during stay-at-home orders. [![phishing protection](https://media.mailhop.org/duocircle/images/2020/08/hosted-email-server-6324.jpg)](https://media.mailhop.org/duocircle/images/2020/08/hosted-email-server-6324.jpg) That’s the bad news. Now for the good news. There’s an easy and inexpensive way to protect yourself and your organization from all these busy threat actors: [Phishing Protection](/email/phishing-protection) from [DuoCircle](/). _Phishing Protection is cloud-based_. That means there’s no hardware to buy, no software to buy, no maintenance and it sets up in about 10 minutes. _Easy. And it cost just pennies per user per month. Inexpensive_. _As the report clearly demonstrates, the attacks are not going to stop_. The question becomes, what are you going to do about it? You could do nothing and wait for disaster to strike. Or, you could _do just a little bit more than nothing and protect your entire organizations_. What are you waiting for? ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) Brad Slavin General Manager General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio. ## Secure your email infrastructure Protect, authenticate, and deliver. Contact our team to find the right solution. [Contact Sales](/contact/) [Explore Products](/products/) ## Related Articles [ Phishing 11m AI-Generated Phishing Has Eliminated the Typo: Why Traditional Email Filters Are No Longer Enough Apr 28, 2026 ](/blog/ai-generated-phishing-eliminates-typos-making-traditional-email-filters-ineffective/)[ Phishing 5m 10 Applications of ChatGPT that Hackers Are Already Exploiting May 3, 2023 ](/blog/phishing-protection/10-applications-of-chatgpt-that-hackers-are-already-exploiting/)[ Phishing 4m 65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks Mar 29, 2016 ](/blog/phishing-protection/65-global-businesses-ill-equipped-defend-email-based-cyber-attacks/)[ Phishing 9m 7 Ways to Protect Your Organization from Email-based Ransomware Attacks Feb 11, 2018 ](/blog/phishing-protection/7-ways-protect-organization-email-based-ransomware-attacks/) ```json {"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"What we Know from the Latest Email Threat Research","description":"The latest Threat Intelligence Report is out. Its findings are based on an analysis of 195 billion emails analyzed from January through June 2020.","url":"https://www.duocircle.com/blog/phishing-protection/what-we-know-from-the-latest-email-threat-research/","datePublished":"2020-08-12T17:23:30.000Z","dateModified":"2025-04-10T13:57:37.000Z","dateCreated":"2020-08-12T17:23:30.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/what-we-know-from-the-latest-email-threat-research/"},"articleSection":"phishing-protection","keywords":"","wordCount":469,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/08/SMTP-email-9651.jpg","caption":"email threat","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"Phishing"},{"@type":"ListItem","position":3,"name":"What we Know from the Latest Email Threat Research","item":"https://www.duocircle.com/blog/phishing-protection/what-we-know-from-the-latest-email-threat-research/"}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"Phishing","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"What we Know from the Latest Email Threat Research","item":"https://www.duocircle.com/blog/phishing-protection/what-we-know-from-the-latest-email-threat-research/"}]} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"What we Know from the Latest Email Threat Research","description":"The latest Threat Intelligence Report is out. Its findings are based on an analysis of 195 billion emails analyzed from January through June 2020.","url":"https://www.duocircle.com/blog/phishing-protection/what-we-know-from-the-latest-email-threat-research/","datePublished":"2020-08-12T17:23:30.000Z","dateModified":"2025-04-10T13:57:37.000Z","dateCreated":"2020-08-12T17:23:30.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/phishing-protection/what-we-know-from-the-latest-email-threat-research/"},"articleSection":"phishing-protection","keywords":"","wordCount":469,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2020/08/SMTP-email-9651.jpg","caption":"email threat","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ```