At least nine out of every 10 cyberattacks start with an email, according to the threat intelligence firm FireEye.

In a September report, the company said that “a single malicious email can cause significant brand damage and financial losses.”

The report is based on 500 million emails that were sent between January and June 2018. In the document, FireEye portrays e-mail as a roadway flooded with junk. Only 32 percent of traffic that organizations receive is considered genuine, according to the firm.

On Sept 7, the top IT official at the Department of Homeland Security, John Zangardi, said his agency received more than 30 million emails from December 2017 to May 2018. Roughly 21 percent, or 6.5 million, of those emails were classified as malicious. Only 1,200 emails included malware which passed through the department’s spam servers, and just 10 employees clicked on the links. Still, none of the email-based threats were successful because of additional defenses the agency has in place, Zangard said.

The FireEye report also said a growing number of attacks are targeting employees' W2 data. That tax form contains sensitive details such as Social Security Numbers and annual salary figures.

FIreEye’s warning comes as impersonation scams are on the rise. That techniques includes emails that pretend to be from a trusted source but instead contain malware. “The emergence of impersonation attacks that lead to phishing sites is a prime example of how cyber criminals are constantly looking for the most efficient attack method,” FireEye said in their report.

In August, Fifth Domain reported that the Fin7 hacker group, which by one estimate caused more than a billion dollars of damage, was a master of the impersonation scam.