You would be hard-pressed to find a business or organization that doesn’t use email to communicate among employees, with customers, and with vendors. Email is a vital part of our lives that we have come to rely on. Because it is so ingrained in our lives, we trust the emails that we receive and we trust that when we send an email, it will be secure. This feeling of trust and safety is exactly why cyber criminals have taken advantage of emailing and have used it as a tool to steal information and money from individuals and businesses.
Email threats are common, but that doesn’t mean that we have stopped falling for them. At catmandu, we see many infected computers simply because the user clicked on a malicious attachment. We also receive many phone calls from people who are wondering if an email they received is a scam.
Businesses are at the highest risk. With multiple employees and many access points, it is easy for a criminal to syphon the information they need. Many of the major cyber attacks in the past two years have occurred because of seemingly benign emails.
Though we have heard this all before, we feel that it is important to go over it again because email threats are constantly evolving. Here’s how to identify the top email threats:
Email Scams & Social Engineering
Most people who have an email account have received (and possibly fallen for) an email scam at least once. These scams are targeted and tricky. Out of this list, they are perhaps the easiest to fall for and the most difficult to detect. For a business, the scam usually comes in the form of a lead (which is something we all want). However, there are many, many types of email scams: the Nigerian scam, work-at-home scams, lottery scams, tech support scams, online dating scams, etc. At catmandu, we often receive a particular scam. This week, we received one from a man named Tom William who said that he owned a business that he wanted to take from small scale to large scale by creating a new website. He said that he had an illness and that he is hearing impaired so he can’t talk on the phone. He wants an estimate on a website build and he also asked us if we accept credit cards. He said all of this with slightly bad grammar.
This has all of the hallmarks of a scam. So what do you do? You delete it. If we were to go through with his requests, eventually he would want to pay for the entire web design up front plus a couple thousand extra, which he will want wired back to him. He will be using a stolen credit card and you will have no idea. However, you will be held liable once the actual owner of the card finds out.
Computer threats are often sent via email. This is mainly done when malicious code is injected into an attachment. The email receiver downloads the attachment, thereby installing the virus onto their system. The virus could come in the form of ransomware, a type of malware that holds your system hostage until you pay a ransom, or it could be spyware, a malicious program that monitors all of the activity on your computer (such as website visits, keystrokes, and data) and transfers it to the cyber criminal. This is especially dangerous for businesses because competitors could be watching you illegally via spyware.
Spam is the practice of sending out mass amounts of unsolicited emails. Spam is unwanted by the receiver and the sender is unknown. Often, we sign up for newsletters online. This is not spam because we knowingly allow the email to be sent to us. Spam is normally used to advertise a product, service, or website, but some spam is used to propagate malware or spread scams. The practice is especially harmful to businesses because it costs U.S. corporations $8.9 billion in lost productivity and slowed down systems each year, according to BusinessSoftware.com. Spam is illegal and will result in huge fines to the sender if they are caught. If you are a business, don’t spam people, and if you receive spam, don’t open it.
A phishing email’s final goal is for the recipient to release personal information such as social security numbers, bank account information, login credentials, etc. Obviously, no one would just give this information to a complete stranger, so the criminals mask the sender information, making it look like the email came from a fellow employee or any other trusted source (such as a bank). The victim thinks little of it and sends the login credentials without hesitation. Businesses are a big target for these kinds of attacks. Phishing scams can also come in the form of phone calls and instant messages, so be sure to never give out any personal information over the phone or online unless you are 100% sure of the message’s source.
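One way a mail filter or help desk script can check for the masked sender information described above is to compare what the message displays against where it really comes from and where replies would go. This is an added example, not code from catmandu; the trusted domain list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization treats as trusted senders (hypothetical).
TRUSTED_DOMAINS = ("example-bank.test", "example-corp.test")

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Example Bank Support" <alerts@example-bank.test.account-verify.example>\n'
    "Reply-To: helpdesk@mailbox.example\n"
    "Subject: Confirm your login\n\nPlease reply with your password.\n"
)
LEGIT = (
    'From: "Example Bank Support" <alerts@example-bank.test>\n'
    "Subject: Your statement is ready\n\nLog in as usual to view it.\n"
)

def domain_of(addr):
    """Return the lowercased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def sender_warnings(raw_message):
    """Return reasons the visible sender of a raw message may be masked."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)
    shown = display.lower()
    warnings = []
    for trusted in TRUSTED_DOMAINS:
        if from_dom == trusted:
            continue  # the address really is on this trusted domain
        name = trusted.split(".")[0]  # e.g. "example-bank"
        # Display name borrows a trusted name while the address is elsewhere.
        if trusted in shown or name.replace("-", " ") in shown:
            warnings.append(f"display name suggests {trusted}, address is on {from_dom or 'no domain'}")
        # Trusted name embedded in a different, lookalike domain.
        if name in from_dom:
            warnings.append(f"{from_dom} resembles trusted domain {trusted}")
    # Replies would be routed to a different domain than the one displayed.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return warnings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, sender_warnings(raw))
```

A message that raises any of these warnings deserves a second look before anyone replies with credentials or other personal information.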