Guardian Digital has identified more phishing emails in May of 2020 than in any month prior in the company's twenty-year history - here’s what you need to know to stay safe online in this time of uncertainty that has become the new business norm.
Email plays a more pivotal role in business operations than ever, and is by far the most popular attack vector among cybercriminals. Research shows that 95% of cyberattacks begin with a spear phishing email. The FBI has warned multiple times of complex COVID-19 related business email compromise (BEC) scams exploiting businesses' increased reliance on cloud email, misconfigured cloud platforms, and email users’ anxiety surrounding this crisis, and has emphasized the importance of fortifying cloud email with critical additional defenses.
In this article, we’ll examine the top exploits targeting cloud email users and explain how to protect against each of these threats.
Breaking Down the Four Most Significant Threats to Cloud Email Users
Email Threat #1: Phishing
Phishing campaigns are highly effective and easy for attackers to carry out - so it is no surprise that this notorious attack involving fraudulent communications which appear to come from a trusted source has dominated the email threat landscape for over a decade. Phishing campaigns leverage trust to gain access to sensitive credentials or to install malware on the target’s device.
Phishing attacks are on the rise, increasing by an astounding 65 percent and convincing 76 percent of business to take the bait in 2019. Modern phishing scams employ sophisticated social engineering techniques to manipulate psychology - making these attacks highly difficult to detect and avoid.
How To Protect Your Business From Phishing:
Combating phishing requires safeguarding the inbox against human error with multiple layers of intuitive, real-time protection. Defense-in-depth is crucial to staying ahead of social engineering and impersonation attacks - antivirus software and spam filters alone are no longer able to keep pace with cybercriminals’ sophisticated tactics. By thoroughly scanning all attachments and links for malicious code, our solution provides complete end-to-end phishing protection.
We’ve also assembled a list of tips and best practices to help you defend against phishing.
Email Threat #2: Ransomware
Ransomware has become one of the most widespread and well-known email-borne threats - these attacks have crippled governments worldwide and consistently dominate security news headlines. This dangerous type of malware is designed to block access to a computer system until specified ransom is paid to the attacker. A ransomware attack has the potential to shake a business to its core with significant downtime, recovery costs and often the loss of critical data.
Cloud systems like Office 365, Dropbox and Google are unprepared to safeguard users against emerging ransomware variants - and businesses are literally paying the price. More organizations than ever are getting hit with ransomware (often of the same type) multiple times. When it comes to ransomware, the cost of preventing this growing threat is significantly less than the cost of dealing with the unpleasant aftermath of an attack.
How To Protect Your Business From Ransomware:
The majority of ransomware is delivered via a phishing email - making effective phishing protection critical in safeguarding against ransomware. Ensure that you have an advanced cloud email security solution in place that analyzes the contents of every email delivered in real-time, scanning all attachments for ransomware and other malicious code.
Here is a list of other tips and best practices we’ve put together to help you defend against ransomware.
Email Threat #3: Email Account Compromise (EAC)
How certain can you be that the emails delivered to your inbox are really from who they say they’re from? Cyber thieves are employing social engineering techniques, phishing attacks, and other tricks to compromise email accounts and deceive victims into making a fraudulent financial payment. The email account compromise (EAC) scam works by compromising one account, then using the trust established between that account and those associated with that account to steal credentials that can be used to compromise other email accounts and coerce targets into unknowingly wiring funds to the attacker.
EAC is very difficult to recognize and highly dangerous due to the fact that in this scam malicious emails are typically sent directly from the compromised account owner’s computer, which has been authorized to send mail as that user. As a result, these fraudulent emails are not identified and flagged by any sender authentication protocols that the account owner has implemented.
How To Protect Your Business From EAC:
With an advanced, reliable email security solution in place, businesses can eliminate EAC risk - safeguarding their employees, their clients and their reputation. Combating EAC requires sophisticated methods that go beyond the implementation of traditional sender authentication protocols. Look for a solution that analyzes sender-recipient relationships, tracks domain reputation and age and uses intelligent filters to evaluate email headers, email content and envelope attributes.
Here are some other tips and best practices for preventing EAC.
Email Threat #4: Business Email Compromise (BEC)
Business email compromise (BEC), which describes an exploit in which an attacker obtains access to a corporate email account and sends fraudulent emails under the identity of the account owner in order to steal money, has generated losses of $26 billion worldwide. In addition to financial loss, a BEC attack can result in data theft and the obliteration of hard-earned client trust. Steve Baker, International Investigations Specialist for the Better Business Bureau (BBB), explains: “Businesses don’t want to talk about it; they’re embarrassed and don’t want to look vulnerable. But ask just about any organization and they’ll probably tell you they’ve received an email attempting some version of this fraud.”
How To Protect Your Business From BEC:
Similar to defending against EAC, preventing BEC attacks requires a multi-layered approach to security that includes the use of advanced sender authentication standards and protocols as part of a comprehensive cloud email security solution. We acknowledge the sophistication and complexity of this dangerous scam, and partner with each of our clients to understand the key people within their organization, their critical assets and their company’s operations in order to provide the level of protection required to combat BEC and other modern threats to business email.
Here is a list of some additional tips and best practices for preventing BEC.
For more advice on how to stay safe online in this frightening time, subscribe to our weekly Behind the Shield newsletter.
Stay safe, healthy and secure online!