By Prasad Vadke
As the world battles the COVID-19 pandemic, malware, spam and phishing attacks are rising with each passing day. Adopting a secure and encrypted email solution is the only way to protect your confidential company data, personal information, and even finances. According to WHO reports, the number of cyber-attacks directed at the Organization is now more than five times the number in the same period last year.
Securing email is a major necessity for organisations that need to keep sensitive information protected against unauthorized access. Hackers use different types of attack methods to target email, ultimately with the specific purpose of causing damage or harm to an individual or an organization. Email encryption involves encrypting or disguising the email content in order to protect sensitive information from being read by unintended individuals. Advanced attacks, including phishing, spoofing and ransomware, pose a big threat to businesses and may sometimes break organizations by affecting them financially.
Unsecured email communications make individuals as well as SMEs highly vulnerable to threats. Users who are aware of the email threats affecting their organization can take specific measures to deal with each one. A few of these threats are described below.
Threat 1: Ransomware: A malware program commonly delivered via email, also referred to as a “crypto-Trojan, crypto-worm, or crypto-virus”. This malware encrypts the victim’s data and demands a fee to restore it. Ransomware works as an infection and takes control of the system.
Threat 2: Phishing: Complex engineering techniques are used to create fake websites of legitimate banks or reputed organizations and lure audiences into believing they are genuine; fraudsters thus acquire the victim’s private and sensitive data, such as personal identification, credit card numbers, and account credentials. Due to a lack of security, most people provide vital personal information and get trapped.
Threat 3: Spear Phishing: A highly customized form of phishing, designed for a particular individual or organization. Extensive research by cybercriminals makes these websites appear genuine. Often, emails that appear to come from trustworthy sources lead an innocent recipient to a bogus website, compromising important data and putting them at risk.
Threat 4: Spoofing: Spoofing is a malicious activity in which communication from an unknown source, disguised as a source known to the recipient, tricks them into divulging information that compromises their security. These common email threats or fraudulent acts are used to gain access to the victim’s personal information, access network controls and spread malware through infected links or attachments.
Threat 5: Whaling: A phishing email attack that targets an organization’s biggest fish, that is, its high-profile or senior executives. It is a scam wherein an attacker sends email-based threats to an organization that is capable of carrying out a financial transaction.
Threat 6: Keyloggers: A piece of software, associated with hardware devices, that logs every key the user presses on the keyboard. This very common email threat captures passwords, personal messages, card numbers and other vital information as well.
Most importantly, these attacks are severe for an organization: one that succumbs to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on the scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.
Ever since the Covid-19 pandemic took the world by surprise, hackers have taken advantage of the situation, and large-scale phishing attacks using Covid-19 as bait have surfaced. The number of phishing emails targeting end-users with themes such as Covid-19, lockdown, WFH, and products and solutions for Covid-19 is going up with each passing day. According to the New York Times, the world is now witnessing an unprecedented number of phishing attacks and email scams. Although email contents may seem legitimate, it’s imperative to be vigilant and not fall into any traps.
Email fraudsters pose as executives and ask victims to disclose sensitive information; the victims realize it was a scam only later. An organization can protect itself from such frauds in several ways:
- Prior knowledge of how email frauds work
- Being prepared with preventive measures
- Finding a perfect solution for the organization that stops frauds and other threats
For every business, small or large, security is a matter of concern. One must be informed about the prevalent email security threats that can harm data and lead to vulnerabilities. Users must know the common email threats so that they can implement proper security measures in time. As an individual, however, you can be less prone to these phishing attacks if you follow these simple Dos and Don’ts.
- Watch for email senders that use suspicious domain names
- Open URL links obtained from known sources only
- Use good email security and a secure mail hosting platform, such as an interface for all communication across all devices
- Do not open attachments in unsolicited emails
- Don’t click on a URL contained in an unsolicited email
- Never send sensitive personal information over email
(The author is Head Technical, IceWarp India)