A recent cyber security study has found that 1 out of every 101 emails is a malicious. This doesn’t even take into account spam emails, which when discounted only one third of emails are ‘clean’.
The research examined over half a billion emails sent between January to June 2018 and found that of the malicious emails, the majority were employing social engineering tactics to steal data or install malware farther down the line.
This shows that hackers are aware that users can spot a traditional malicious email trying to get them to install something, but are much more susceptible to social engineering tricks. This means hackers are getting smarter and investing more time into their attempts to deceive.
One example of this is the increase of impersonation attacks, where the hacker pretends to be a colleague or high level employee and leverages the relationship to convince the victim to divulge sensitive information or make a financial transaction. This normally takes the hacker a few back and forth emails to help quell any suspicion from the victim.
We also highlighted previously the rise of phishing via SMS messaging, also known as SmiShing, because of the ever increasing number of people receiving email on their phones.
The huge amount of devices out there provides fertile ground for any hackers or scammers looking to gain access. The increase of workers utilising BYOD (bring your own device) and using their personal devices to access things like email etc, mean attackers can gain access to corporate resources much easier.
Always remember that the best protection against malicious emails is to train your staff and ensure they have the skills and knowledge to spot these emails. Employees are your last line of defence against these kind of attacks so make sure they have been trained and tested regularly.