Q3 Threat Report

Our latest report reveals top threats and trends for Q3 2017


Malicious URL attacks returned with a vengeance. Ransomware reigned supreme. And fraudsters worked aggressively to impersonate trusted brands in email, social media and the web. Those are just a few of standout trends we saw in the third quarter within our global customer base and in the wider threat landscape. 

Click to download the full report, or view the infographic.

Key Findings


  • Malicious email volume soared 85% from the prior quarter, propelled by an explosion of malicious URL attacks.
  • Ransomware remained the top malware category, accounting for almost 64% of all email malware attempts across our global customer base.
  • Banking Trojans represented 24% of all malicious email volume, with a strain called “The Trick” accounting for 70% of that total.
  • Email fraud attempts rose 29% over the previous quarter.

Exploit kits and web-based attacks

  • Traffic from exploit kits (EKs) held steady but at levels a mere 10% of its 2016 peak.
  • The RIG EK accounted for 76% of all EK activity. Attackers are layering social engineering schemes into their EK campaigns.


  • Suspicious domain registrations outnumbered defensive registrations 20 to 1.
  • Defensive registration of brand-owned domains fell 20% vs. the year-ago period. Suspicious domain registrations grew 20%.

Social Media

  • Fraudulent support accounts, used for so-called “angler phishing,” doubled from the year-ago quarter.
  • The number of fake customer support accounts grew 5% over the previous quarter while the volume of phishing links on branded social channels rose 10%.

Download the full report