Cyber criminals stole more than $3 billion over the last three years through Business Email Compromise (BEC) scams. Those scams targeted small and mid-size businesses (SMBs), in particular. According to the recently published Internet Security Threat Report (ISTR) from Symantec, email has emerged as the weapon of choice for cyber-attacks in 2016. Sadly, while one in 220 emails contained malware in 2015, that rate increased to one in 131 emails in 2016.
Attackers now favor spear-phishing email campaigns that target specific individuals, organizations or businesses. The highest rate of phishing emerged in companies with between 251 and 500 employees. With now professionalized spamming operations, malware authors often outsource their spam campaigns to highly organized groups.
Cyber criminals use several general tactics to spread malware and ransomware. A favorite method involves disguising malicious emails as routine correspondence, as we saw in the 2016 U.S. presidential election.
In March 2016, an email that appeared to originate from an official Gmail account was delivered to the account of Hillary Clinton’s campaign chairman, John Podesta. The email suggested that his account had been compromised and instructed him to reset his password. As we now know, the victim unknowingly clicked a malicious URL and delivered the password to the attackers.
Most businesses receive thousands of emails each day. With increasingly sophisticated and targeted attacks, it can prove difficult to recognize malicious emails. More and more often, cleverly disguised emails use social engineering, relying on human interaction to trick users into breaking security protocols.
Increased email security is necessary to help businesses guard against common social engineering tactics, such as:
Emailed malware typically follows this basic process:
Savvy users have already adopted simple email security measures such as immediately deleting vague emails and not clicking on attachments unless they come from a trusted source. As attackers employ greater sophistication, businesses need to build more sophisticated defenses.
Some basic, but powerful, email security measures you may not have implemented:
Most importantly, invest in multi-layer email security. A comprehensive security system is critical to protecting your business from malicious cyber-attack. With commercial-grade security equipment and automatic updates to guard against the latest threats, you gain both peace of mind and enhanced productivity.
The office worker of even 20 years ago could scarcely envision today’s dynamic and interconnected…
Artificial Intelligence (AI) has taken center stage, captivating attention primarily through its role in self-driving…
The ability to generate compelling, original images using AI is changing the way we think…
With Microsoft Dynamics 365 Sales, businesses gain a powerful tool for nurturing leads, leveraging AI-based…
Annual Channel Futures MSP 501 global ranking identifies industry’s best-in-class businesses on Tech Industry’s most…
Carl Mazzanti is the president of eMazzanti Technologies in Hoboken. You engage with vendors…