A recent study by Trend Micro found that 91% of all successful cyberattacks start with a spear-phishing email. These personalized and targeted social engineering attacks perfectly demonstrate that almost all data breaches are a result of human error rather than of technological issues themselves. That’s why it’s never been more important to understand how cybercrime works and to train your employees to better identify and mitigate the threats.
Conventional phishing emails are sent en masse to a very broad range of would-be victims, but they never make it out of the spam folder. It’s the ones capable of evading spam filters that are worrisome. Most of the time, these are highly personalized messages rather than general ones sent out in bulk in the hope that someone gullible enough will rise to the bait. Spear-phishing scams typically demonstrate knowledge about the target to build trust.
Although social engineering attacks can be carried out over any medium, including the traditional landline telephone or the postal service, the vast majority use email. The reason for this is that everyone uses email. In the workplace, checking emails is a core part of the daily routine, which makes it the fastest, easiest, and most reliable way for scammers to conduct their attacks.
How ransomware spreads via email
The spread of ransomware is a good example of something that’s often considered a technology problem yet is really a human problem. While ransomware itself is just another form of malicious software, it doesn’t spread like a conventional computer virus. Moreover, it doesn’t require any expertise to implement.
Most ransomware ends up on a computer after being delivered as an email attachment. The infamous Locky ransomware, for example, was delivered to millions of potential victims in a blank phishing email with an attachment. In the vast majority of cases, people didn’t open it, simply because no one with any sense ever opens an attachment from an unknown sender, particularly if it comes with a blank email.
Unfortunately, a simple mistake or even just a case of misplaced curiosity is all it takes for an attack to succeed. You can’t rely solely on your antivirus software either, as many malicious emails carry attachments containing malicious code that the software doesn’t yet recognize. While enterprise-grade spam filters and email security should ordinarily block any suspicious emails and their attachments, some messages may slip through. Awareness is the best defense. It’s important to be critical of every email, link, and attachment you see online to prevent devastating attacks from spreading.
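For teams that want to back awareness with an automated check, the delivery pattern described above (a blank email from an unknown sender carrying an attachment) can be flagged before it reaches an inbox. The following Python sketch is an added example, not part of the original article or any vendor's product; the addresses, the `invoice.doc` file name, and the `KNOWN_SENDERS` list are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample template: every address and the file name are made up.
TEMPLATE = """\
From: {sender}
To: staff@company.example
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

{body}
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
KNOWN_SENDERS = {"accounts@supplier.example"}  # hypothetical list of known contacts
SAMPLE_BLANK = TEMPLATE.format(sender="billing@unknown-sender.example", body="")
SAMPLE_NORMAL = TEMPLATE.format(sender="Accounts <accounts@supplier.example>",
                                body="Hi, the March invoice is attached.")

def triage(raw, known_senders):
    """Flag a message that is blank, has an attachment, and comes from an unknown sender."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    text = re.sub(r"<[^>]+>", "", text)  # crude tag strip so an empty HTML shell counts as blank
    attachments = [p.get_filename() or "(unnamed)"
                   for p in msg.walk() if p.is_attachment() or p.get_filename()]
    signals = {"unknown_sender": sender not in known_senders,
               "blank_body": not text.strip(),
               "has_attachment": bool(attachments)}
    # Quarantine only when all three signals line up; any single one is common in normal mail.
    return {"sender": sender, "attachments": attachments,
            "signals": signals, "quarantine": all(signals.values())}

if __name__ == "__main__":
    for name, raw in (("blank", SAMPLE_BLANK), ("normal", SAMPLE_NORMAL)):
        print(name, triage(raw, KNOWN_SENDERS))
```

The From header can be forged, so a sender match here is only a triage signal and does not prove who sent the message.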
How scammers compromise email accounts
In social engineering, many hackers deliberately target email accounts themselves. Not only do email accounts contain a wealth of confidential information – they’re also used to reset login credentials for other accounts. In other words, if someone manages to get into your Gmail account, there’s a good chance they’ll be able to access many other accounts you use.
Rather than literally hacking into your email account, cybercriminals will instead try to dupe their victims into unwittingly surrendering their login information. Common tactics include masquerading as a colleague who claims to have forgotten the password to an email account, or setting up a fake website that looks like the real one. Many phishing scams are designed to capture login credentials, which is why you should never share login information with anyone, including your own colleagues. After all, no legitimate business or security-aware individual will ever ask you for your email login information.
Founders Technology Group provides enterprise-grade email security, spam protection solutions, and round-the-clock monitoring for your critical systems. Call us today to learn more.