Email inboxes are inundated with phishing emails daily, and new research finds that as many as 33% of them are suspicious or legitimate attacks.

A new F-Secure analysis of organizations across the globe during the first half of 2021 finds one-third of emails reported by employees are either malicious or highly suspect. The findings come from people working for organizations using F-Secure's email reporting plugin for Microsoft Office 365. More than 200,000 emails were examined during the first half of the year. On average, active users submitted 2.14 emails each during the period.

The most common reason users gave for reporting emails was a suspicious link, which was cited by 59% of users. Other reasons employees reported messages included an incorrect or unexpected sender (54%), suspected spam (37%), suspected social engineering (34%), and a suspicious attachment (7%). 

F-Secure says 99% of the reports were automatically analyzed and 33% were phishing. Researchers manually investigated the remaining 1% of reported emails, and determined 63% of those were phishing attempts.

Some of the high-risk words or phrases commonly used in suspicious emails included Dropbox, "Amount of USD," "Message is from a trusted," "Warning," and "Your fund has."

More details on the analysis can be found here.