Case Study: Why Do Hackers Target Email?

Email became a popular form of communication in the 1990s, it has also become an incredibly essential part of day-to-day business communication. Cyber criminals over the last three decades have exploited the popularity and dependence on email communication by creating socially engineered phishing and malware campaigns. Email remains one of the most common routes for cyber criminals to attack businesses; this is because phishing emails rely on human error. It takes just one employee mistakenly clicking a malicious link within an email to potentially lead to a whole organisation being compromised. 

So, if email is so susceptible to phishing, why do we continue to use it? Despite the sophistication of email spam filtering services, email attacks are constantly being reinvented and finding new ways of portraying legitimacy. For example, Barracuda Networks reported that there was a 667% spike in the number of Coronavirus related phishing attacks earlier this year. This is just one-way cyber criminals evolve their campaigns to play on people’s fears and can be mistaken for legitimate emails. Today, we take a deeper look at why hackers still target email and what you can do to be vigilant. 

Emails can appear legitimate

A successful email attack will usually impersonate someone you know, a business, a service, or a government institution. It is incredibly easy to impersonate a person or an entity through email by just including some seemingly legitimate factors such as a domain name and logo. Email spoofing campaigns have been a popular phishing tactic over the last year. An attacker will compromise a person’s email account generally without their knowledge. They can then send messages to colleagues and friends pretending to be that person. Since the receiver assumes said person is a trusted sender, they will not scrutinise this message as closely as other emails.  

Email spoofing was especially prominent during the months where most people worked from home during the Coronavirus lock-downs. You can read more about Account Takeover (ATO) attacks.

Inadequate security

Investing in Managed Services helps protect your businesses against security threats such as malicious email campaigns. This is achieved through a strategic, sophisticated security suite. This includes things such as top of line spam filtering and Next Gen Anti-Virus. Read more about Sentinel One. 

Hackers rely on businesses whose email accounts aren’t protected by spam filtering and other security measures. Having inadequate security means your entire organisation could be compromised if someone were to fall victim to a phishing attack. 

Human error

According to the UK Information Commissioner’s Office, 90% of data breaches occur due to human error. Hackers target email because they rely on recipients not knowing about cyber security or scrutinising the emails they receive.  

Mimecast conducted a phishing attack simulation with a 6,500 person organisation that did not provide cyber security awareness training. The study showed that 500 users clicked the malicious phishing link in under a second. Whilst this is worrying, if employees are given cyber security awareness training, they may be less likely to unwittingly open malicious links or fall victims to other attacks. 

Email still plays an important role in day-to-day business communication. While hackers are constantly evolving their malicious campaigns, there are steps to pro-actively safeguard your business. Investing in Managed IT Services adds an important layer of security to safeguard your business and your team. Another step to better security is recognising that human error is the weakest link in the chain of cyber security. This can be made less severe with regular awareness training and education. 

If you have any security concerns call Milnsbridge today on 1300 300 293.