Clicking on links accounts for 99% of all email attacks
Just over a year ago we published an article looking at how email is the number one threat vector, and unfortunately this hasn’t changed. According to Danny Palmer of ZDNet, 99% of email attacks rely on the victims clicking on links. A very small number of attacks use exploit kits and known software vulnerabilities to compromise your systems; however, the vast majority require the victim to click on a link associated with the email. Another popular form of email attack is CEO Fraud, where instead of clicking on links the victims are tricked into carrying out an action, such as unknowingly transferring money to an account controlled by a scammer.
You might find an email that was sent at 4am suspicious; however, what if the email arrives in your inbox during working hours and appears to be from a known colleague, customer, supplier, or even your boss? You are far more likely to trust this email, as the source seems legitimate and it was sent at a time you would likely receive an email from this source anyway. The use of social engineering is a key factor in a successful phishing campaign for cyber criminals. Social engineering is the psychological manipulation of people into performing actions such as clicking on unsafe links or divulging confidential information. By sending emails from what appear to be known sources at sociable times, the criminals are lulling you into a false sense of security. Trust is important; however, a healthy level of scepticism as to the sources of the emails in your inbox may save you a lot of money and stress. Phishing scams are becoming more and more popular with cybercriminals simply because they are the cheapest and most effective form of cyber-attack. We can’t guarantee that you won’t fall victim to cyber-criminals and unfortunately, they are getting more brazen and imaginative in their methods.
The following tips are mostly common sense; however, we strongly recommend that all our clients implement safe words in all emails pertaining to financial transactions. I have also included some information on Vade Secure for Office 365, a great AI-based email protection client for both known and unknown threats.
Our top tips on how you can mitigate an attack:
- Don’t open emails from unknown or untrusted sources.
- Never take an email and its source at face value and never click on links unless you are 100% confident as to the source of the email and the destination of the outbound link.
- Beware of emails from senior management that ask you to make an immediate payment to a 3rd party. CEO Fraud is costing businesses large sums of money.
- Use a safe word with all emails concerning financial transactions. If the boss sends you a mail demanding that you pay a sum of money from the company accounts and the request mail doesn’t have the safe word, do not make the payment and follow up directly with the sender of the email in person or via the telephone. Safe words should be changed regularly and while they offer a level of protection, they too can be compromised. If in doubt, confirm via telephone or in person.
Vade Secure is a great service that we use here at IT.ie and is a fully integrated solution for Office 365 to protect your emails. Using artificial intelligence, it scans all incoming mails and links and provides a level of protection far superior to anything else that we’ve tried. If you would like a demo of Vade Secure, just go to our Vade Secure page, where you can read all about the service and find a link to sign up for a free no-obligation trial.
John Grennan – IT.ie