Email Security Blog

10 Cybercrime Predictions for 2022 from INKY

It’s been a rough couple of years. Cybercrime has made a steady climb in the U.S. and around the world. For nearly two years, the pandemic has been a key source of fresh material for hackers, as they prey on our fears in order to successfully deceive email users across all industries. Phishing emails seem to have come in droves, successfully swindling employees into giving up credentials, installing malware, assisting in CEO impersonation scams, enabling ransomware attacks, and more.

We’re all more than ready for a little good news. But if INKY’s Magic 8 Ball is on target for 2022, cybercrime and email phishing attacks will arrive with a vengeance and the only good news ahead will be reserved for those who took a proactive approach to email security.

Here is a list of ten Cybercrime Predictions for 2022, straight from the phish catcher’s mouth.

PREDICTION #1: Smarter, Slipperier, Phish. We expect cybercrime tactics to continue to evolve in 2022, increasing in sophistication, variety, and impact. Phishing attacks will be harder to detect and their volume will rise.

PREDICTION #2: Casting a Wider Phishing Net. We observed a 70% increase in detected malicious emails in 2021. Attackers used a “spray and pray” approach to target their victims, where mass phishing emails were sent to as many recipients as possible, extracting features (name, domain name) from a recipient’s email address to personalize phishing emails for each recipient. We predict this to intensify in 2022.

PREDICTION #3: Poisonous Phish. Email recipients can expect more malware attacks via poisoned attachments. Bad actors have gotten sneakier about how they deliver malicious links. In the past, such links would simply be placed in the body of the email, which allowed them to be easily checked against threat intelligence feeds. Phishers adapted their tactics to evade email security detection. In 2021, a trend began to emerge - malicious links were being placed in non-threatening attachment types, especially HTML and PDF. Such poisoned attachments may also contain malicious code that executes automatically if clicked. In 2021, INKY detected 425,895 of these attacks, up 158% year on year. We expect to see a double-digit increase in 2022.

PREDICTION #4: Cloud Collaboration Phish: The ongoing abuse of legitimate cloud collaboration tools (Canva, Google Docs, Microsoft OneDrive) will make it harder to detect cyberattacks. These resources are used to launder malware and malicious links in phishing emails because these have safe website reputations and don’t appear in threat intelligence feeds. INKY detected 46,518 of these attacks in 2021 and expect that number to increase by double digits in 2022.

PREDICTION #5: Phake News Phish: Bad actors will make persistent use of current events as phishing lures. Since 2020, phishers used Covid-19 pandemic guidelines (mandatory tests, vaccination forms, remote work policies) to entice email recipients to click on malicious attachments and links. These types of attacks increased by 768% in 2021. We expect such attacks to rise in 2022.

PREDICTION #6: A Rise in Ransomware: After the Colonial Pipeline ransomware attack, we observed phishing emails claiming to be system updates to protect against ransomware, but were actually an attempt to install ransomware. Ransomware will continue to haunt organizations in 2022.

PREDICTION #7: Masquerading as Uncle Sam: When Congress passed the $1 trillion infrastructure bill, phishers impersonated the U.S. Department of Transportation and harvested Microsoft credentials by inviting recipients to bid on projects through a phishing site. We will continue to see attacks based on government announcements and programs in 2022. In every tax season, there are always IRS impersonation emails and sites that attempt to steal login credentials and PII (birthday, mother’s maiden name, social security number).

PREDICTION #8: Fear-Invoking Phish: As the pandemic evolves and new threats emerge, bad actors will capitalize on the latest fear and uncertainty by impersonating employers and government agencies and assimilating new developments and guidelines in their social engineering attacks.

PREDICTION #9: Event-full Phish: Upcoming events like the 2022 World Games, Winter Olympics, new laws, and various elections around the world will also provide an opportunity for phishers to create relevant phishing emails to trick recipients.

PREDICTION #10: Triumphant Tardigrade: Finally, Tardigrade, a new, advanced malware, will present an unprecedented threat to email recipients in 2022. Because it behaves differently in different environments, Tardigrade has no constant malware signature to detect, acts autonomously with no need to communicate with malicious servers, and can be used to create a backdoor and install ransomware undetected. Expect to see a lot more Tardigrade-type exploits in 2022.

If these predictions hold true (and we’re feeling pretty confident), there are two ways to deal with them – prevention or recovery. Obviously, the easier path is prevention. In 2020, the average Business Email Compromise attack carried a price tag of more than $96,000. A fraction of that amount can buy a whole lot of prevention.

INKY provides the most comprehensive malware and email phishing protection available. It scans every sent and delivered email automatically and flags malicious emails, protecting your organization and your clients from even the most complex threats. INKY’s intelligent machine learning algorithms identify abnormalities in emails, even if the threat has never been seen before. INKY’s Banner warns employees of threats while protecting and training them at the same time. And INKY installation is simple. Most customers are up and running in under an hour – even with remote employees.

Schedule a demo or inquire today.


INKY™ is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, INKY™ prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY™ is the smartest investment you can make in the security of your organization. INKY™ is a proud winner of the SINET 16 Innovation Award and was a finalist in the RSAC Innovation Sandbox Competition. Learn more about INKY™ or request an online demonstration today.