James Forbes-May, VP of APAC for Barracuda Networks, tells Intelligent CIO about the most difficult email threats to detect.
Cybercrime losses cost $3.5 billion globally in 2019, with business email compromise (BEC) causing the most destruction, according to the FBI’s Internet Crime Complaint Center (IC3). The list of email borne threats seems to grow every year, varying greatly in complexity, volume and the impact they have on businesses and their employees.
Defending against today’s sophisticated email threats is no easy feat, as criminals continually bypass defenses using backdoor techniques, including spoofing, social engineering and fraud, to penetrate networks and wreak havoc.
Some businesses invest heavily in security architecture, while others aren’t able to. The one common denominator is what has long been regarded as the organization’s weakest link: its employees.
All organizations need to ask the question: Do users know how to distinguish between a legitimate email and an email threat?
Increasingly complex attacks
Understanding the nature and characteristics of attacks will help you build the best protection for your business, data and people. There are three email threats that users find most difficult to detect.
A cybercriminal gains access to a business email account and impersonates the owner’s identity to obtain something of value – usually money, login credentials or other sensitive data. Typically, emails look like they come from the owner. Often, victims don’t know legitimate email addresses of co-workers or managers, so if the name looks correct, they don’t question it.
According to Barracuda, 85% of BEC attacks are urgent requests designed to get a fast response, with one-in-10 successfully tricking users into clicking. That number triples for emails that impersonate someone from HR or IT.
2. Conversation hijacking
Attacks happen after a cybercriminal has already gained access to an internal account. They insert themselves into a legitimate conversation thread by spinning up a lookalike domain and effectively remove the compromised party. This isolates the email thread to just the hacker and their victim. Sometimes the only clue will be a very subtle difference in the email address or domain of the compromised party.
3. Brand impersonation
There are two types of brand impersonation. Service impersonation is when a hacker impersonates a commonly used application to coax users into re-entering login credentials or other personal information. Brand hijacking is when a hacker uses a spoofed domain to impersonate a reputable company.
Users have become accustomed to receiving legitimate emails from applications prompting them to re-enter credentials, reset passwords, or agree to new service terms. Most don’t think twice before clicking links that ultimately send them to phishing sites.
Protect against evolving threats
Attacks have evolved to bypass traditional defenses and require organizations to set up protection, not only at the gateway, but also beyond it. Every business needs to deploy the right combination of technology and people to have effective email protection.
While comprehensive email gateway defenses provide a solid foundation, using a multilayered protection strategy radically reduces susceptibility to email attacks and helps better defend your business, data and people.
The best defense against email threats is to make users aware of the threats and techniques used by cybercriminals. With continuous simulation and security awareness training, employees can recognize and report malicious content, transforming them into an important layer of defense.Click below to share this article