In 2019, more than half of all IT security professionals reported that their stress levels were increasing. For many, this is the result of the constant barrage of email attacks that affect 85 percent or more of U.S.-based companies each year. And unlike many scams, which impact only the employees or company files themselves, email scams can hit businesses where it hurts the most: their reputation.
As the main entry point for today’s cyber attacks, email attacks are increasing in frequency and sophistication. Can your security keep up with these ever-shifting threats?
Why Email Attacks are Increasing
Unlike some common email scams, such as the often-satirized “Nigerian Prince” scam, today’s email cyberattacks are subtle and believable. These attacks prey on the natural trust that email recipients have in certain known contacts, such as coworkers, clients, vendors, and customers.
But when an email isn’t coming from one of these trusted contacts, but instead by a scammer who has spoofed or taken over the contact’s email address, this trust can cause harm. And many antivirus programs that are designed to filter out emails from unknown addresses or quarantined IP addresses aren’t well-equipped to deal with emails that appear to be coming from a trusted network.
In a recent survey, a whopping 43 percent of IT professionals who were surveyed reported that, within the last 12 months, one or more machines on their networks had been infected by malware through a common type of email scam known as spear phishing.
Spear phishing involves a targeted attack that uses a team member’s personal information and social profile to encourage the victim to give up personal information. For instance, a spear-phishing email may refer to a recent order and claim that it can’t be shipped until the victim clicks on a link and inputs their credit card number. Because spear phishing emails often reference a legitimate transaction or event, they can seem plausible to employees who might otherwise be suspicious of such an urgent-sounding message.
Another type of email scam that many companies have fallen prey to is email account takeover. This scam is just as insidious as spear phishing, and involves the actual hijacking of a trusted email account on a secure network. Because the scam email comes from a legitimate source, it can be all but impossible for standard IT security tools to detect and block. And in many cases, the scam artists will quickly create rules that route all sent and received emails to a hidden folder, meaning the person whose account was hacked may be completely in the dark.
How Can Companies Protect Themselves?
Even with robust employee training in how to spot suspicious emails, the best protection against email scams like account takeover and spear phishing comes from preventing these suspicious emails from ever reaching users’ inboxes in the first place. Artificial intelligence (AI) and its close relative, machine learning, can often detect fraud that human eyes may miss. These automated security tools can also reduce the level of IT support needed after hours and on weekends.If you’re interested in looking into your email security tool options, schedule your free 30-minute phone consultation with one of our experts today. We can analyze your organization’s needs, the specific risks it faces, and help you put together a comprehensive action plan to protect against some of the most defective and effective email scams out there.