Email Risk Calculator

With roughly 306.4 billion emails sent each day, and an average of 126 corporate emails received by any single user, the ability for cybercriminals to leverage the native vulnerabilities in email platforms continues to increase.

In order to quantify your organization’s email risk profile, use this Email Risk Calculator. From Whaling Attacks, to Cryptocurrency to seasonal BEC attacks, understand how the risks your organization is facing in order to develop a comprehensive email security plan.

Email Risk Sidebar banner

Attachment Risk

Emails at Risk per Week

Attachment or payload-based attacks are a component of a cyberattacks that are malicious and delivered through payloads through malware, or malicious software.

For more information on Ransomware and Malicious Payloads, download this eBook.

Link Risk

Emails at Risk per Week

Malicious link or URL-based attacks are used in phishing campaigns. Hyperlinks embedded in email content can lead users to malicious websites that automatically deliver malware, harvest user credentials or steal other sensitive information.

For more information on Malicious URLs, download this eBook.

Executive Impersonation Risk

Emails at Risk per Week

Executive impersonation is a prominent example of business email compromise (BEC) – fraud carried out when attackers spoof or compromise legitimate business email accounts through social engineering or system intrusion. In executive impersonation attacks, cybercriminals pose as organizational leaders with the goal of tricking employees into sharing credentials, exposing sensitive information or transferring funds.

For more information on Executive Impersonations, download this eBook.

Executive Spear Phishing (Whaling) Risk 

Emails at Risk per Week

While spear phishing is a highly targeted form of phishing, whaling attacks are even more precisely aimed sending deceptive emails to high-level decision makers such as CEOs and CFOs.

For more information on Whaling Attacks, download this eBook.

Account Takeover Risk 

Emails at Risk per Week

Attackers leverage a wide variety of techniques to perform credential harvesting attacks or email account compromise, in an attempt to obtain user credentials or capture other data, often from user input locations like login pages. The ability to impersonate business applications and relationships makes users a target for credential theft and email account compromise.

Vendor Email Compromise Risk

Emails at Risk per Week

Common brands, and templates, allow for employees to perform their duties more efficiently. But, it also gives attackers an easy target to deliver Business Email Compromise (BEC) attacks. And, because the phish appears to be from a trusted brand or vendor applications, users are tricked into taking action sharing sensitive information.

Crypto Currency Extortion Risk

Emails at Risk per Week

Cybercriminals are using social engineering scams, specifically phishing and spear phishing, to target cryptocurrency wallets by stealing user key information. These attacks send targeted emails with fraudulent links, where they solicit important details associated with the crypto wallets to gain access.

Voicemail Spoof Risk

Emails at Risk per Week

One of the more common email phishing attacks is the “voicemail message” or “missed call” message scam. Leading to annual global losses in the billions, these voice scams rely heavily on social engineering and manipulation to get victims to give away information. With vishing, scammers typically pretend to be from a trusted/official source, such as a bank or government organization.

For more information on voicemail spoofing, read this blog.

Password Reset Risk

Emails at Risk per Week

In an attempt to gain login credentials to critical systems, attackers will send phishing campaigns that appear legitimate, incorporating authentic brand logos and email templates. The goal is to trick the user into clicking on the link to steal credentials.

Fax Spoof Risk 

Emails at Risk per Week

Fake Fax emails, or eFax, are landing in users’ inboxes. Many of these attacks contain attachments or links, when opened/clicked, the users’ machine is infected with a malicious payloads, that could include ransomware.

Shipping Information Spoof Risk 

Emails at Risk per Week

The way consumers and businesses shop has fundamentally changed, with online purchasing accounting for almost 15% of all purchases. As a result, delivery scams sent via email, with fake tracking links or requests to verify personal identifiable information, lead to increasing numbers of malicious activities.

Domain Hijacking Risk 

Emails at Risk per Week

Domain hijacking is when a cybercriminal has gained control of a legitimate organization’s complete Domain Name System (DNS), allowing the attacker to make changes, including email accounts. Then, a hijacker can send emails to customers or vendors to gain sensitive information or financial information.

Topic-Related Risks

Emails at Risk per Week


Emails at Risk per Week

Tax season is often a common timeframe for attackers to develop phishing campaigns with the intent to steal sensitive information and money. The most common Tax-related terms in these attacks include "IRS", "Intuit" and "Tax Return."


Emails at Risk per Week

As the employees shifted to working from home, attackers began focusing on related phishing campaigns. The most common Work-From-Home-related terms in these attacks include "work from home", "virtual learning" and "remote working."


Emails at Risk per Week

Attackers have taken advantage of the pandemic to send COVID-related phishing. The most common COVID-related terms related to these attacks include "vaccine", "Pfizer", "Moderna" and "Johnson & Johnson."


Emails at Risk per Week

Impersonating an individual or corporate bank in a spear phishing or BEC attack is an easy way for an attacker to gain access to financial information or the money itself. Common bank-related terms related to these attacks include "Bill", "Bank" and "Deposit."


Emails at Risk per Week

Much like with bank-related terms, attackers use urgency to access financial information. Common payroll-related terms include "Direct Deposit", "Payroll" and "Expenses."

Learn more about how GreatHorn uses adaptive threat analytics to more effectively identify impersonation attacks within Microsoft 365 and Google Workspace.

Schedule an Threat Assessment Today