Why is email still the number one target of cybercriminals?

January 21, 2020

Despite the obvious benefits of email, it has a major downside: weak cybersecurity. In fact, as a mission-critical application for organizations everywhere, email is frequently targeted by cybercriminals and fraudsters.

The popularity of email has naturally made it central to illicit schemes like business email compromise (BEC) and phishing. In fact, the FBI reported that deliberate attacks on business email have cost organizations over $12 billion in the last five years. That’s a considerable amount for hackers.

Why is email the biggest security threat?

Businesses have come to rely on cloud-based email and file-sharing applications for communication and productivity. But too often, owners and managers fail to realize that the built-in security of these platforms doesn’t deliver enough protection against email-borne threats. Apart from this, employees are not trained sufficiently to defend against sneaky social engineering tactics.

What is the current email threat landscape?

There are different types of attack vectors used by hackers to target email systems. Let’s take a look at the common techniques that threaten email security:

  • Spam – Most bad email is the unsolicited type referred to as junk mail or spam. But the problem for many small- to medium-sized businesses (SMBs) is not so much staying on top of get-rich-quick schemes like the “Nigerian prince” scam, but in dealing with unsolicited emails that contain malicious links or malware attachments.
  • Identity theft – This is the process of stealing personal information — names, addresses, social security numbers, passwords, etc. — and using them for malicious purposes. Identity theft can happen to anyone.
  • Phishing – This is a method that includes gathering personal information using deceptive emails and websites. The objective is to trick the recipient into opening a seemingly legitimate email and enticing them to click on malicious links or download an attachment that will lead to a page that would surreptitiously collect information.
  • Ransomware – Many ransomware variants are delivered via email and are all too common these days. It is a type of malicious software that blocks access to a computer system or file by encrypting it until the victim pays a ransom fee to the attacker. In many cases, the ransom comes with a deadline, and if not paid on time, the data is gone forever.
  • Business email compromise (BEC) – This scheme involves hijacking business email accounts to facilitate fraudulent wire transfers. Techniques used vary widely but often begin with a fraudster infiltrating a business executive’s email account and using it to trick employees into conducting unauthorized fund transfers. Like phishing, it remains popular because it doesn’t require complex tools — all it takes is a convincing ruse to trick a potential target.

Here are some other reasons why hackers target emails:

  • Employees are human – Despite their knowledge email best practices and red flags, employees still make mistakes. According to a survey, human error and carelessness were responsible for most self-reported data breaches in 2018.
  • Using personal emails for business communications – Employees continue to use their personal inboxes on free consumer email services that have insufficient security measures.
  • It’s easy to trick people – Spoofing names and email addresses have proven to work on unwitting employees and make them believe that their boss sent them an email.
  • Threats are continuously evolving – Hackers and spammers are constantly improving and altering their tactics to match newer security technologies. In addition, underground markets like the dark web are becoming a hotbed for trading malicious tools and services, including hacked data.
  • Inadequate security – Many businesses email inboxes contain spam and malicious emails. When they don’t get the proper and timely security, vulnerabilities could be exploited and malware can wreak havoc in your systems.

Defending your business against email-based threats

Protecting your email communications starts with the right approach towards security, including implementing proper security policies, tools — paramount among them are email filtering systems which have features such as spam detection protocols, strict anti-phishing rules, and user-based filter settings.

Such solutions are designed to eliminate email threats before they threaten network security and lower staff productivity.

Policies and tools however, aren’t enough. You and your staff need to know how to respond properly when your business email has been breached. Take a look at these tips:

  • Report and cut off access through the breached email address
  • Change all your passwords across all devices and tweak account settings
  • Implement multifactor authentication (MFA)
  • Run a security assessment
  • Employ robust security measures to identify the damage, stop the breach, and secure your network

Email remains at the center of the daily workflows of millions of employees, and keeping it safe is an ever-growing challenge. Fortunately, email security mechanisms have evolved in response to the new wave of threats. Graphus offers a suite of solutions that can help bolster your email security.