On average, how many emails do you send a day? According to an article in the Guardian, the average office worker receives 121 emails and sends about 40 each day. Does that sound close to the number of emails that you send and receive each day? Now, what if we were to multiply that by the roughly 4 billion global email users that are out there? That is a lot of emails. Given the vast quantity of emails sent and received each day, it makes sense why hackers would target email as a way to execute cyber-crime – email is a huge opportunity for them.
Email cyber attacks have grown over the past few years. This is partly due to the shift to remote work in 2020 and the pure fact that emails go to humans. Depending on our mood, time of day or what is happening in our lives, we can make mistakes and can be duped. It’s human nature, and hackers prey on it. That’s why there are so many forms of email attacks that we need to watch out for and be ready for.
Phishing and Spear Phishing
Both forms of attacks try to get you to click on a link or open a file. The difference is that phishing is broad, and spear phishing is more targeted and specific to the individual. Hackers put more work into spear phishing emails and may include your name, or use other research to make the email more believable. In both cases, however, the intent is malicious and the goal is to deploy malware, ransomware or steal confidential information. As the receiver of emails, your best bet is to be skeptical. If you weren’t expecting the email, or the attachment, don’t click on it.
Business Email Compromise (BEC)
Oh, this is a tricky one. Generally, when you receive an email from your manager, an executive of the company, or the business owner, you try to accommodate their request. And that is exactly what a hacker is hoping you do. You see, with business email compromise (BEC), hackers are pretending to be someone at an organization and are trying to get YOU to act on their request. That might mean clicking a link they are sharing, which installs malware that hands them confidential information like usernames or passwords, or paying a past due invoice (except the money goes to the hacker).
In the event you receive an email like this, it is still okay (beyond okay) to question the request. Call, or send a chat to the person that emailed you and ask if the request in the email was legitimate. If it wasn’t, share it with your IT team and then promptly delete it.
Distributed Denial-of-Service (DDoS)
In this scenario, the goal of the hacker is to send thousands of emails to a business at the same time. The goal is to overload the system, potentially creating an opportunity to find a loophole in cybersecurity measures. It’s kind of a “look here, while I attack somewhere else” type of situation. Again, your best bet is to alert your cybersecurity team as quickly as possible to let them know of the issue.
This one is vast and places a big question mark on every email you receive. If a hacker gains access to the username/password of a third-party email tool, they can use it to deploy phishing emails that truly look legitimate. For example, the weekly email that you receive from your favorite retailer, or an email coming from a popular file-sharing service indicating that you have new files waiting for you. The unfortunate part here is that these emails look so legitimate that it can be very hard to spot that they are fake.
Being skeptical can go a long way here. If your favorite retailer sends you an email on the wrong day, it’s a red flag. If you weren’t expecting new files to come through, don’t open them. In addition, always double check the email address that is sending you the email – if it is off by one letter, do not open it.
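The "off by one letter" check above can also be automated in a mail filter or triage script. The following is an added example, not code from the original article: it compares the sender's domain against a list of domains you normally receive mail from and flags any that differ by a single inserted, deleted or substituted character. The trusted domains and sample senders are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this mailbox normally receives mail from (constructed list).
TRUSTED_DOMAINS = {"example-retailer.com", "fileshare.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: count of single-letter inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the lowercased domain of the address in a From header, or ''."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    return domain.lower() if at and local else ""


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Label a sender as trusted, a one-letter lookalike, unknown, or invalid."""
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        if edit_distance(domain, good) == 1:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("Example Retailer <deals@example-retailer.com>",
                   "Example Retailer <deals@examp1e-retailer.com>",
                   "File Share <noreply@fileshares.example>",
                   "Someone <a@other.example>"):
        print(f"{classify_sender(header):38} {header}")
```

A "trusted" result only means the domain string matches. As the previous section notes, a compromised third-party email tool sends from the real domain, so unexpected attachments still deserve suspicion.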
Hackers look for easy paths, and email is an easy path. Emails are being sent constantly, we may be experiencing email fatigue, and everyone’s level of cybersecurity awareness is different. This makes deploying a malicious email a potential gold mine for hackers and a nightmare for everyone else. A successful fraudulent email could result in a major data breach, malware installation, and even wire transfer fraud.
As an employee, business owner, and a general user of email, it is imperative that we stay vigilant and question the validity of an email if we think it could be fake or spoofed.