Cyber criminals stole more than $3 billion over the last three years through Business Email Compromise (BEC) scams. Those scams targeted small and mid-size businesses (SMBs), in particular. According to the recently published Internet Security Threat Report (ISTR) from Symantec, email has emerged as the weapon of choice for cyber-attacks in 2016. Sadly, while one in 220 emails contained malware in 2015, that rate increased to one in 131 emails in 2016.
Attackers now favor spear-phishing email campaigns that target specific individuals, organizations or businesses. The highest rate of phishing emerged in companies with between 251 and 500 employees. With now professionalized spamming operations, malware authors often outsource their spam campaigns to highly organized groups.
Cyber criminals use several general tactics to spread malware and ransomware. A favorite method involves disguising malicious emails as routine correspondence, as we saw in the 2016 U.S. presidential election.
In March 2016, an email that appeared to originate from an official Gmail account was delivered to the account of Hillary Clinton’s campaign chairman, John Podesta. The email suggested that his account had been compromised and instructed him to reset his password. As we now know, the victim unknowingly clicked a malicious URL and delivered the password to the attackers.
Most businesses receive thousands of emails each day. With increasingly sophisticated and targeted attacks, it can prove difficult to recognize malicious emails. More and more often, cleverly disguised emails use social engineering, relying on human interaction to trick users into breaking security protocols.
Increased email security is necessary to help businesses guard against common social engineering tactics, such as:
Emailed malware typically follows this basic process:
Savvy users have already adopted simple email security measures such as immediately deleting vague emails and not clicking on attachments unless they come from a trusted source. As attackers employ greater sophistication, businesses need to build more sophisticated defenses.
Some basic, but powerful, email security measures you may not have implemented:
Most importantly, invest in multi-layer email security. A comprehensive security system is critical to protecting your business from malicious cyber-attack. With commercial-grade security equipment and automatic updates to guard against the latest threats, you gain both peace of mind and enhanced productivity.
Cyber threats never take a day off, never clock out and go home at the…
Building, deploying, and managing applications via Microsoft's global network of data centers is easier with…
Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…
Making things happen is the art and science of project management. The process involves managing…
In today's fast digital life, website performance is important, as it holds visitors and ensures…
The FBI reported that cyber attacks against government facilities saw an increase of almost 36…