This piece is presented by SDN Communications.
There’s a widespread misperception that cybercrime is usually the result of expert hackers skillfully and patiently working their way through a business’ security system to electronic files with valuable information.
The reality is that hackers get a lot of unintentional help from careless employees at the targeted companies. The bad guys literally get ushered into the network, typically by tainted email.
In fact, more than 90 percent of cyberattacks begin with deceptive email. According to a report from PhishMe.com, 91 percent of attacks begin with a phishing email that someone opens out of curiosity, fear or some other reason.
Phishing is a deceptive practice in which email senders try to trick recipients out of sensitive information, such as computer passwords or financial account numbers. Scammers often impersonate someone from another department or organization – a practice often referred to as spoofing – and encourage the message recipient to click on a link to help solve a problem.
“Phishing attacks remain the largest challenge to organizations because they target all employees,” according to PhishMe, a Virginia-based company that specializes in services that help organizations protect themselves from phishing and other malware attacks.
The frequency of phishing attacks and the ease with which they can be launched make it absolutely essential that spotting bad emails be part of good, ongoing security-awareness training that businesses provide to all their employees.
In addition, IT staff members periodically should test employees, perhaps with help from a security service. Send out fake emails to a group of employees, see who falls for the ruse, and use the results of the test productively in training.
Scam emails can be crafted well, warn experts at SDN Communications and other cybersecurity providers, so everyone with a business email address should pay close attention to details and suspicious emails.
Let’s take a closer look at the anatomy of suspicious emails.
A. Start by examining and trying to verify the address of the sender in the from field. Keep in mind, however, that scammers can send phishing emails from a prior victim’s account.
B. Beware of email headers that contain spelling errors and messages that look unprofessional. A large financial institution or government agency is not likely to send an email from a Gmail account, for example.
C. It might be difficult to conclude much from the subject field, but take note of the overall content of the message. Be especially wary of messages that ask for payment or sensitive information.
D. Be especially suspicious of links and attachments. That’s typically how malicious code gets transported into business networks.
E. And don’t rely on contact information provided in the suspicious emails. Independently verify and, if necessary, contact the company that appears to have sent the message.
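For IT staff handling messages that employees report, checks A through D can be partly automated. The Python below is an added example, not code from SDN Communications or US-CERT; the `triage` function, the word lists and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed word lists for illustration; tune them for your own mail flow.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
ORG_WORDS = re.compile(r"\b(bank|agency|payroll|billing|security)\b", re.I)
ASK_WORDS = re.compile(r"\b(password|account number|payment|wire)\b", re.I)
HOST = re.compile(r"https?://([^\s/\"'<>]+)", re.I)

def triage(raw):
    # Returns findings keyed to checklist items A-D for one raw message.
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = [f"A: verify sender {addr} independently"]
    if domain in FREEMAIL and ORG_WORDS.search(display):
        findings.append(f"B: '{display}' uses free webmail domain {domain}")
    text, files = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.get_filename():
            files.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text)
    if ASK_WORDS.search(body):
        findings.append("C: asks for payment or sensitive information")
    hosts = sorted(set(HOST.findall(body)))
    if hosts or files:
        findings.append(f"D: links to {hosts}, attachments {files}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "First National Bank Security" <fnb.alerts@gmail.com>
Subject: Urgent: verify your account
Content-Type: multipart/mixed; boundary="b1"

--b1

We detected a problem. Confirm your password at http://login.example.test/reset
--b1
Content-Disposition: attachment; filename="invoice.zip"

placeholder
--b1--
"""
print("\n".join(triage(SAMPLE)))
```

A clean result does not clear a message: as item A notes, a phishing email can come from a prior victim’s genuine account, so item E’s independent verification still applies.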
Hackers, like burglars, tend to enter a business the easiest way they can. In most cases, employees inside the business potentially provide the easiest and most convenient access. So they are likely to be attacked, and the pace of attacks is not letting up.
Email has been a game-changer for scammers, according to the U.S. Computer Emergency Readiness Team, or US-CERT, which is part of the Department of Homeland Security.
“The convenience and anonymity of email, along with the capability it provides for easily contacting thousands of people at once, enables scammers to work in volume. Scammers only need to fool a small percentage of the tens of thousands of people they email for their ruse to pay off,” according to the agency.
Here are some tips from US-CERT for consumers that also can be applicable to employees of small and midsize businesses.
If and when phishing attacks become less profitable for cyber thieves, businesses might start seeing fewer fraudulent emails. Right now, however, email inboxes can be high-risk places.
SDN Communications has created a simple infographic for you to share with employees to educate them on how to identify spoofing attempts.
Nine in 10 cyberattacks start with an email. Here’s how to see through the deception.