Email has been a crucial linchpin of business activity for years, enabling workers and partners to collaborate and communicate more easily regardless of their location. By early 2016, Google had more than 1 billion monthly active Gmail users, and chances are good that many of these accounts are used in a corporate setting.
However, now that so much information is transmitted and disseminated over email – including attached documents, files and included sensitive data – these platforms have become particularly attractive to hackers.
Cybercriminals now have an array of different email attack strategies under their belts, putting business communications across the globe at potential risk. Here are a few of the worst threats that organizations large and small should be aware of:
1) Business email compromise
This is one of the newest and most damaging malicious schemes in the current threat environment. According to statistics from the FBI, business email compromise has become a $3.1 billion scam for hackers, and there has been a 1,300 percent rise in related enterprise losses since the beginning of 2015.
But what, exactly, is business email compromise? As the FBI explained, this style of attack centers around deception and sophistication.
"Carried out by transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers, BEC can take a variety of forms," the FBI stated. "But in just about every case, the scammers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals."
Victims receive a legitimate-looking email – hackers can even spoof a company executive's email, leveraging an address that is similar, but perhaps one or two characters off. The email urges an immediate wire transfer, tricking the employee recipient into thinking that the request came from an internal supervisor.
According to the FBI's recent numbers, there have been more than 14,000 victims of business email compromise attacks in the U.S., and a total of 22,143 domestic and international victims combined. Hackers are picking up steam in this area, so it's imperative that organizations have protections in place to ensure that financial requests are checked for legitimacy.
2) Social engineering
This is another increasingly popular attack strategy – however, social engineering has been around for a lot longer than business email compromise, and this approach can be leveraged in a number of different infection styles.
Social engineering is yet another instance where hackers leverage sophisticated tricks to fool users. However, as opposed to business email compromise, which typically revolves around fraudulent wire transfers, most social engineering attacks center around stealing authentication credentials. In this way, hackers have broader access and can more easily make off with sensitive data or other stolen digital assets.
"The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software – that will give them access to your passwords and bank information as well as giving them control over your computer," Webroot explained.
Common styles of social engineering include stealing or spoofing a person's email account and leveraging his or her own contact list to send out fraudulent emails to the victim's friends. These messages may be conversational in nature to make them appear like they are truly coming from a familiar confidant. Some social engineering messages ask for charitable donations to trick victims, or include an urgent request for help. Most also include a link or download that carries a malicious payload. In this way, hackers can take over the recipient's email account and infect individuals within his or her address book, spreading the attack further.
In an enterprise setting, a social engineering attack could have devastating effects, and could quickly spread throughout the entire organization. It's imperative that users check the legitimacy of sender addresses, avoid opening any suspicious emails and not click on any included links or attached documents.
3) Phishing and ransomware
Phishing and spear phishing are similar to social engineering, wherein malicious senders leverage background research and manipulation to trick users into believing that the message is legitimate. In today's threat environment, phishing and the more targeted and extensively researched spear phishing are typically prerequisites to ransomware attacks.
Ransomware is an incredibly dangerous and increasingly popular style of attack, wherein users are locked out of their systems, files and data. A notification appears on a victim's screen, which they are unable to bypass. The message informs the users that an outside entity has taken control of their system, using strong encryption to prevent access to data and files, and access will only be returned when the victim pays a ransom for the decryption key.
Unfortunately, most of these attacks begin with a phishing email that includes a malicious attachment which, when clicked and opened, installs the ransomware. ZDNet contributor Danny Palmer recently reported on Defray, one of the newest in a long line of phishing email ransomware samples that demands a $5,000 ransom. Defray does appear to be unique in its highly targeted nature.
"But rather than using mass spamming, like other forms of ransomware, those behind Defray are customising messages for specific targets, with some campaigns consisting of only a handful of emails," Palmer wrote. "One particular campaign targeting an unnamed hospital purported to be from the director of information management and technology, and attempted to distribute ransomware via an infected Word file claiming to contain patient reports — complete with the hospital's logo in the document."
Email security tips
The first step toward more secure email communications is awareness. When users are educated about the latest attack styles, they can be on the defensive and take a more proactive approach to protection. Teaching users best practices like double-checking email addresses is also a helpful step – hackers will often use email addresses that may appear similar to a legitimate address, but include an extra period or letter. Identifying these can provide a sign of potential attack.
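The address check described above (a sender that is one or two characters off a known address, or carries an extra period or letter) can be automated at the mail gateway or in a reporting tool. The following Python code is an added example, not part of the original article; the addresses, the function names and the threshold of two edits are assumptions, and the sample headers are constructed.

```python
from __future__ import annotations
from email.utils import parseaddr

# Constructed sample data: addresses the organisation already knows and trusts.
TRUSTED = {"ceo@example.com", "finance@example.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, trusted: set[str] = TRUSTED,
                    max_distance: int = 2) -> tuple[str, str | None]:
    """Return ('trusted', addr), ('lookalike', nearest trusted addr) or ('unknown', None)."""
    addr = parseaddr(from_header)[1].strip().lower()  # drop the display name
    known = {t.lower() for t in trusted}
    if addr in known:
        return ("trusted", addr)
    if not addr or not known:
        return ("unknown", None)
    nearest = min(known, key=lambda t: (edit_distance(addr, t), t))
    if edit_distance(addr, nearest) <= max_distance:
        return ("lookalike", nearest)  # close to, but not equal to, a known address
    return ("unknown", None)

def flag_lookalikes(from_headers: list[str], trusted: set[str] = TRUSTED) -> list[tuple[str, str]]:
    """Return (header, impersonated address) for every near-miss sender."""
    results = [(h, classify_sender(h, trusted)) for h in from_headers]
    return [(h, nearest) for h, (verdict, nearest) in results if verdict == "lookalike"]

if __name__ == "__main__":
    # Constructed From: headers, not taken from any real message.
    inbox = [
        "Chief Executive <ceo@example.com>",   # exact match
        "Chief Executive <ceo@examp1e.com>",   # one character swapped
        "finance@exam.ple.com",                # extra period
        "Chief Executive <ceo@exampple.com>",  # extra letter
        "Newsletter <news@vendor.test>",       # unrelated sender
    ]
    for header, target in flag_lookalikes(inbox):
        print(f"LOOKALIKE: {header!r} resembles {target}")
```

Any address within two edits of a trusted one is flagged, so legitimate colleagues whose addresses differ by a single letter must both be in the trusted set to avoid false positives.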