One in Every Two Emails Is Spam: Why Email Security Matters More Than Ever
Every day, our inboxes fill with unwanted messages — but the reality behind the numbers is even more alarming. Half of all emails sent globally are spam. That’s right: one in every two emails.
And even more worrying? These figures are among the lowest we’ve seen in years.
Spam and phishing emails remain so widespread for one simple reason: they work. While many spam emails are easy to spot, attackers have become increasingly sophisticated. Even people well‑trained in digital security can mistakenly click the wrong link and face serious consequences.
Why Spam Is Still So Common
For years, spam emails were largely nuisances — often promoting pharmaceuticals, miracle cures, or questionable services. Surprisingly, these campaigns generated enough profit to keep the cycle going. But today’s landscape is much more dangerous.
Cybercriminals now use spam and phishing emails to:
- Steal personal or financial information
- Install malicious software
- Take control of devices
- Launch ransomware attacks
- Trick organisations into making fraudulent payments
The rise in advanced phishing techniques means these emails are no longer just an annoyance — they are a genuine threat to individuals and businesses alike.
How Phishing Attacks Work
Phishing emails are specifically designed to look legitimate, often impersonating trusted brands, colleagues, or even family members. Their goal is to trick you into clicking a link, opening an attachment, or entering your credentials. Once you do, the attacker has what they need. Some common outcomes include:
1. Malicious Software Installation
Clicking a link or attachment may install malware that can:
- Mine cryptocurrency
- Spy on your activity
- Activate your webcam or microphone
- Log your keystrokes
- Spread infection to others in your organisation
These actions usually happen silently in the background, making them hard to detect.
2. Ransomware
One of the most destructive threats in recent years is ransomware — malware that encrypts your files and holds them hostage until a ransom is paid. Many individuals and organisations have lost money, critical data, or both.
3. Credential Theft
A common modern tactic is the fake Microsoft 365 login page. The user is asked to “confirm” their details; once typed, the credentials are stolen. Attackers then use the compromised account to message colleagues and request fraudulent payments.
These emails often look completely legitimate — making them extremely effective.
How to Spot (and Avoid) Phishing Emails
Some phishing attempts are obvious, containing spelling errors or badly written messages. But the most harmful ones look perfectly credible.
Here are practical steps to protect yourself:
- Be wary of emails from banks, Amazon, Microsoft, or other major companies. Scammers target these because so many people use them.
- Never click links or attachments if you’re unsure. Instead, type the company’s address directly into your browser and log in safely.
- Hover over the sender’s name to see their real email address. Display names can be faked easily.
- Be cautious with emails asking for money, even from friends or colleagues — their accounts may be compromised.
- If it feels suspicious, it probably is. Trust your instincts.
When in doubt, check with your IT team before opening or replying to anything questionable.
What to Do If You Clicked a Suspicious Link
It happens to everyone — even experts. As attackers become more sophisticated, mistakes are inevitable.
If you do accidentally click a link:
Contact your IT Service Desk immediately.
Speed is essential. They can isolate the threat, reset credentials, and assess the impact.Don’t assume everything is fine.
Many attacks run silently in the background with no obvious signs.Change your password if you entered it anywhere suspicious.
Ensure your files are backed up regularly.
This is your safety net in case of ransomware or data loss.
Staying vigilant is the best defence.
Final Thoughts
Spam isn’t just an annoyance — it’s a major security risk affecting every one of us. As phishing techniques grow more convincing, the line between a normal email and a dangerous one can be frighteningly thin. The good news is that awareness, caution, and quick reporting can dramatically reduce the risk. Stay alert, question anything unusual, and never hesitate to ask your IT team for help.
Author: Andrew Coyle
GDPR, Information Governance and Security Manager at Smartdesc
- Microsoft Licensing Changes Coming on 1 July 2026: What Your Organisation Should Know
- CSP Subscriptions: Key Changes to Extended Service Terms (EST) Coming May 2026
- Smartdesc Newsletter: Latest Blogs, Events, Surveys and More
- How Nonprofits Can Meet Sustainability Goals While Reducing IT Spend
- Microsoft 365 E7 – Everything You Need to Know About Microsoft’s New Frontier Suite