The first line of defence for any business when it comes to keeping their operations safe from cyber-attacks must be their email platforms. According to figures from Verizon, 94% of malware arrives via email, so effective protections are a must.
In particular, one increasingly popular type of email attack is phishing, where criminals attempt to trick users into handing over credentials or even making direct payments. While this type of attack has been around almost as long as email itself, it’s gained ground in recent years as the way we work has changed.
Why are phishing attacks on the rise?
Phishing has proven to be a highly effective attack vector for many criminals, and this has only increased over the last year or so. According to figures from F5 Labs, phishing attacks rose by 15 per cent last year compared with 2019, while data from the Information Commissioner’s Office revealed phishing was the number one cause of cyber-related data breaches between April 2019 and March 2020, accounting for 28 per cent of all cases.
The rise in home working has meant more day-to-day business is being carried out via email rather than face-to-face, and this presents new opportunities for tactics such as business email compromise, where attackers impersonate people within the organisation.
In the office, it’s easy to walk over and check if a colleague has really sent an email asking an employee to send certain information, but when people are working remotely, they may be more inclined to go ahead and comply with any requests they receive.
Those working on their own laptops or PCs that may not be fully within the company’s defence perimeter are also prime targets. And if these threats are able to slip through email gateways and make their way to users’ inboxes, they can be very hard to detect until it’s too late.
What’s more, this may be more common than many people think. Research conducted by Barracuda found an average of 512 attacks per organisation, while 14 per cent of all mailboxes contained at least one email attack.
The phishing threats to be aware of
To counter these threats, it’s important everyone knows what to look for when checking their email inbox. And some of the cases we’ve seen give an illustration of the most common forms these attacks take and how easy it can be for employees to fall for them.
For example, we found several phishing emails at one new customer when performing an initial scan during the purchasing process for our Altinet Sentinel solution. Among these was an email to the HR department that appeared to be from an employee asking payroll to update their bank details. Although it came from a Gmail address not typically used by the employee, the HR department had nevertheless replied with the necessary forms to complete.
In this case, the firm’s internal security procedures required the employee to confirm the changes via phone, and red flags were raised when they refused to do this. However, if this extra step had not been in place it could easily have led to fraud, as it was missed by the firm’s existing legacy perimeter defences.
Elsewhere, we also found phishing threats that appeared to be notifications of files being shared via OneDrive, though closer inspection revealed neither the email address nor the URLs matched what is typically used by Microsoft.
Another particularly troubling phishing technique involves blackmailing users. For example, we uncovered emails that claimed to know a user’s password, including this in the subject line to grab the employee’s attention. The senders then threatened to expose their private activity – including videos – unless payments were made using cryptocurrency.
In these cases, it’s often likely that a user’s genuine password has been exposed in another third-party data breach and used by fraudsters to convince a user their device has been broken into, even if it hasn’t – which is yet another reason why it’s not a good idea to reuse passwords across multiple accounts.
The cyber security tools to stop advanced threats
A key challenge for many firms is that traditional email defences often fail to spot these threats. For instance, Barracuda’s research showed 59 per cent of threats found within inboxes were phishing attempts – and the fact these emails reached users’ mailboxes indicates legacy tools had failed to protect the firms.
While good user training is vital in helping spot such attacks, a tech solution that can look beyond email gateways and scan inboxes themselves for threats is also vital. Tools such as Altinet Sentinel are able to access each employee’s messages and use artificial intelligence to look for suspicious activity that would not be spotted by a traditional email gateway or antispam solution.
It works by identifying unusual patterns or behaviour within incoming emails. It can learn what normal communications look like and then flag up anything outside that for review. As well as looking at things like email addresses and URLs, it can analyse the language of the email to spot anything out of the ordinary.
If a malicious message is flagged, the technology can then automatically look through the rest of the company’s inboxes for other instances to ensure nothing has slipped through the net.
In the employee impersonation example above, for instance, a company using this technology would have been alerted to the fraudulent message by the fact the originating email address was not what was expected, as well as the fact it makes an unusual request. Meanwhile, the blackmail attempt would also have been red flagged due to its demand for a cryptocurrency payment and the threatening language, allowing IT managers to step in.
These defences are essential in preventing the new generation of email-based threats, many of which have been specifically designed to bypass legacy solutions.
Download the essential Guide to Email Security
To prevent you from being a victim, it’s vital to boost your security – and this must start with protecting your inboxes from phishing attacks.
We have released an Essential Guide to Email Security where you can learn how to defend your firm from email threats.
To find out more about how this technology can help your business, get in touch with Arrow today.