Many people might not realize that before emails land in your inbox, they first undergo a filtrating process that aims to detect and eliminate harmful content. Nevertheless, over the years, email service providers—most notably Gmail—have transitioned toward merely applying “warning labels” to messages with questionable links or attachments. This tactic, which could be seen as “beating around the bush,” has done little to diminish threats. Astonishingly, a staggering 91% of all cyberattacks still originate from emails. So, what’s going wrong?
DMN Security Bite is proudly presented by Mosyle, the only Apple Unified Platform. Our primary mission is to ensure Apple devices are prepared for work and secure. We employ a unique integrated strategy that combines advanced Apple-specific security solutions, including automated Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and exclusive Privilege Management, alongside the most robust Apple MDM available. Consequently, we offer a completely automated Apple Unified Platform, trusted by over 45,000 organizations to streamline Apple devices effortlessly and at a cost-effective rate. Start your EXTENDED TRIAL today and discover why Mosyle is the comprehensive solution for working with Apple.
Let’s first examine the current state of the situation.
In a previous Security Bite, I highlighted research conducted by the web browser security firm SquareX that highlighted the inadequate measures many companies are taking to combat harmful attachments and safeguard users.
The research team sent out various types of malware samples via email using Proton Mail to addresses hosted on iCloud Mail, Gmail, Outlook, Yahoo! Mail, and AOL (which is now part of Yahoo!). Importantly, if the emails are successfully delivered, those users may become exposed to threats hidden in the attachments.
The table below illustrates the outcomes of dispatching 7 out of 100 malicious samples across several email providers, indicating whether the harmful attachment was delivered. “If an email goes undelivered, it usually signifies that malware was detected by the server during processing,” as per SquareX’s findings.
Image: SquareX
The Dilemma
Investing in strong email security measures may appear to be an essential step toward protecting users. Yet, as Ian Thornton-Trump, CISO at the threat intelligence firm Cyjax, pointed out to Forbes, “this is akin to interrogating the free Wi-Fi at Starbucks on why they aren’t entirely preventing cyber attacks.” He elaborated that achieving a balance between free access and security can be quite challenging.
Thornton-Trump also noted that implementing advanced email security features “can lead to significant issues related to false positives, which may necessitate deploying technical support resources for assistance—that financial burden could be unmanageable across millions of users on a free platform.”
Additionally, there are claims that email providers are delaying necessary improvements that could require substantial investments and affect their profit margins. While not strictly designed to combat spam, iOS 18, iPadOS 18, and macOS 15 offer enhanced categorization and summaries of emails thanks to Apple Intelligence, helping users sift through clutter and prioritize important messages.
I’m eager to see if Apple will eventually incorporate any AI security functionalities into the Mail app. Leveraging Apple Intelligence to better alert users or automatically eliminate harmful attachments and URLs in real-time could prove transformative.
I’d love to hear your opinions. Please assure me you’re not still using AOL…
About Security Bite: Security Bite is a weekly column focusing on security topics featured on DMN. Each week, Arin Waichulis provides insights on data privacy, uncovers vulnerabilities, and highlights emerging threats across Apple’s expansive ecosystem of over 2 billion active devices to help keep you safe.
FTC: We use income-earning auto affiliate links. More.
