Email is still one of the top used ways we communicate, and it is also an essential element to consider in any cybersecurity strategy. Many of us know we need to be careful and can reduce the risks by practicing the safeguards that are advised. Still, email continues to be a vulnerability due to human error.
It is easy enough for hackers to use authentic-looking logos and create convincing fake messages that are easy to overlook when we are tired, overworked, or distracted. Working remotely has not helped in terms of distractions where we are balancing priorities with family obligations, work deadlines, and makeshift office space often in the middle of everyday life.
Partnering with an MSP (managed service provider) such as MicroAge would be beneficial to a business to keep it protected, but it is just as important that staff do their part to reduce risks as well. While there is no software or downloadable app that is 100% proven to protect business data, we know a layered cybersecurity strategy that includes employees practicing safe email security will help.
Cybercriminals love to use email, and so we have put together some common threats to be aware of.
Using this method, cybercriminals send out fake but often undiscernible emails to a large group of people with the hopes a few will bite. When one does click on the malicious link, it leads to a fabricated site used to steal credentials, banking information, security codes or passwords, and other personal information that is valuable to a hacker.
We have all seen the reports of emails telling us one of the accounts we use have been hacked. Whether it be a bank, shopping site, cell phone provider, etc., these are not new. Many hackers will use current events to lure us in as seen recently with COVID-19 tracing. Most people will not click on these phishing attempts, but because a large number of people are targeted at one time, the criminals are betting on the small percentage that will. Even though the likelihood of someone giving this information away, it still happens enough for hackers to make a profit and continue to use these types of attacks.
As the programs used to detect the bulk email attempts at phishing are getting more sophisticated, so are the cybercriminals. Hackers continue to adapt their techniques to increase their rates of success. Spear-phishing is an example of this.
Spear-phishing involves grooming specific individuals at a company to lay the groundwork to obtain the information the hacker is after. While this method may take a little more creativity, and more time is needed, there is evidence that it increases the rate of success.
Don’t underestimate what information a cybercriminal can get their hands on to work a spear-phishing attempt. The dark web offers information as do social media accounts. Combing through these types of fact-gathering missions allow for emails that are quite convincing.
Display Name Spoofing
Often used in conjunction with phishing campaigns, display name spoofy involves forging a sender’s name to make the email appear to be from someone other than the cybercriminal. The security industry has been successful in making this difficult for senders because of tools just as Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Please make no mistake, though, criminals will work around what they can to ensure their emails look like they are coming from a reputable email address.
A hacker will use the real name of an individual in the display name area but not in the email address. Cybercriminals are betting on the chance that a select few will not check the email address and believe the email to be real.
But wait, there’s more!
The old infomercial line might be funny, but it’s true. Cybercriminals will stop at nothing to try and gain access to business data. At the same time, the methods mentioned above are happening regularly, the use of email as a delivery tool for other types of attacks are as well.
The use of email to deliver malicious links that download ransomware, crypto mining, or spyware on your device. Unless a company uses powerful endpoint protection, once in, a cybercriminal will be able to gain access through that endpoint with ease.
Cybercriminals are still criminals and use whatever means they can to obtain the information they are after. Stories seen in the news are just the tip of the iceberg when it comes to cyberthreats. Large scale attacks that make headlines should act as a reminder that email threats are real and happening on a smaller scale daily.
Rest assured that although there is the potential for damage, email scams don’t have to make you sweat each time you open your program of choice. Educating yourself on these threats along with other security measures such as patch management, endpoint protection, and ensuring updates are performed will all help to keep you safe. Adding multiple layers of cyber protection will help to prevent email attacks from going anywhere. Partnering with an MSP can be a part of your layered approach to keeping the cybercriminals at bay.
Leave a Reply