Email has remained a core feature of both our private and business online interaction despite the increasing popularity of other digital communication tools like instant messaging, video conferencing, and other business collaboration tools. This is particularly true in most work settings – a fact which is very understandable given email’s ease of use and universality.
Over 300 billion emails are now thought to be exchanged daily, for both private and business use, and this figure is only projected to grow, reaching around 360 billion every day over the next two years.
With this in mind, it’s no wonder that targeting a personal or company email system is a tempting prospect for would-be cybercriminals.
Why are emails such a good place for criminals to attack?
Due to the proliferation of email use, nearly everyone (and every business) uses emails at some point – with many employees receiving large numbers of emails daily. This sheer volume means that many employees feel under pressure to read all emails and respond quickly.
The large number and everyday-ordinariness of emails also often leads individuals to lower their guard when it comes to security. Cybercriminals take advantage of this fact and are becoming increasingly sophisticated in the approaches they use to breach an individual or company’s online security.
As well as being a tool for everyday communication, emails also carry a great deal of sensitive data and, with the proliferation of online transactions, are often linked to bank accounts and credit cards.
Cybercriminals take advantage of this in what are termed phishing attacks, which have become even more common and effective with the growth of cloud-based email.
What is a phishing attack?
A phishing attack comes in the form of an innocent-looking email sent to an individual’s inbox. It is designed to get you to click on a link or open an attachment. These are malicious, though often disguised as something harmless or something you would otherwise trust. The most successful of these will require you to act quickly, before you have time to consider the authenticity, or otherwise, of the email.
Once the malicious link has been clicked, or the attachment opened, it can allow criminals to steal login details and other personal data or install malware or spyware on the device.
From there, the cybercriminal can then expand their access to the company’s network and steal sensitive data, bank account details, or generally perform system-busting attacks, which can seriously affect a business’s productivity.
Research shows that over 90 per cent of cyber-attacks start with a phishing email, proving the effectiveness of this method for criminal activity.
It is often easier to rely on an employee’s curiosity to open an email that refers to a personal account they may hold, or that looks like it comes from a potential client or colleague, than it is to attempt to crack an organisation’s security by hacking into their network from outside.
What can phishing emails do?
Phishing emails are often designed to provide an attacker with a key to the gate of an organisation’s security system. It’s almost as if the unwitting employee has opened the door for them to come in. Some of the main reasons for these attacks are:
Fraudulent payment
Many phishing scams try to convince employees to send payments to an external account. This is often done by impersonating a senior executive within the company and using their email address to disguise the fact that it has come from the criminal. The email may then instruct the employee to send the payment to the criminal’s account, pretending that it is for legitimate business purposes, such as paying a supplier or other invoice.
Credential theft
Some phishing emails are used to steal a staff member’s password and username. These can then be used to access other aspects of the company’s system, allowing the criminal to steal data or complete other nefarious actions.
Installing malicious software – trojans and ransomware
Some emails will carry with them malicious software such as trojans and ransomware. A trojan – which takes its name from the Trojan horse of Greek legend – is a file that can collect data and possibly download additional, specialised malware such as ransomware.
Ransomware encrypts all files on an infected computer system and then demands payment to recover the files. However, even if the ransom is paid, there is no guarantee the files will be restored.
In a phishing attack, only one employee needs to fall for the con for it to be successful and for it to potentially infect the entire organisation’s computer system. However, attackers will often target more than one employee within the company to maximize their probability of success.
It is vital, therefore, that businesses take email security very seriously.
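The fraudulent payment scenario above relies on a message that appears to come from a senior executive. The following Python sketch is an added example, not part of the original article: it flags three common signs of that impersonation in an inbound message. The domain `example.com`, the executive name and the sample messages are all constructed assumptions, and it assumes the receiving mail server stamps each message with an `Authentication-Results` header.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"            # assumed: the organisation's mail domain
EXECUTIVES = {"jane doe"}             # assumed: names of senior executives

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def impersonation_flags(raw_message):
    """List the reasons an inbound message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    auth = (msg.get("Authentication-Results") or "").lower()
    flags = []
    # An executive's name shown on an address outside the organisation.
    if display_name in EXECUTIVES and from_domain != ORG_DOMAIN:
        flags.append("executive name on external address")
    # The organisation's own domain in From, but no DMARC pass recorded.
    if from_domain == ORG_DOMAIN and "dmarc=pass" not in auth:
        flags.append("internal sender failed authentication")
    # Replies would go to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to domain differs from sender")
    return flags

# Constructed sample messages (not real traffic).
LOOKALIKE = ('From: "Jane Doe" <jane.doe@examp1e.test>\n'
             "To: accounts@example.com\n"
             "Subject: Urgent supplier payment\n\n"
             "Please pay the attached invoice today.\n")
SPOOFED = ("From: Jane Doe <jane.doe@example.com>\n"
           "Reply-To: jane.doe@mailbox.test\n"
           "Authentication-Results: mx.example.com; dmarc=fail\n"
           "Subject: Change of bank details\n\n"
           "Use the new account for this invoice.\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\n"
           "Authentication-Results: mx.example.com; dmarc=pass\n"
           "Subject: Board papers\n\n"
           "Papers attached.\n")

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, impersonation_flags(raw))
```

Only an `Authentication-Results` header added by your own receiving server should be trusted; a copy supplied by the sender proves nothing and should be stripped at the gateway.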
Cybercriminals are now known to be exploiting businesses’ reliance on cloud email systems that were often hastily configured during the early days of the Covid pandemic. This, along with a general lack of security resources and expertise, has led security experts to estimate that there has been a 600% increase in phishing attacks since the start of the pandemic. The UK’s National Cyber Security Centre (NCSC) has also released data stating that 160,000 suspicious emails were reported over a 14-day period in June last year.