While other email security risks like aggressive hacktivists and data breaches may only be a major concern for some users, everyone gets phishing emails — and a few will inevitably make it past your spam filter. Here are a few of the sneakiest schemes hackers use to get past your defenses, and the email security techniques to shut them down.
Tech-savvy users know enough about email security best practices to catch basic phishing emails. Spear phishing attacks are harder to defeat, because they’re well researched. Attackers will use your name, address, employer, and other personal info to craft emails that really look like they’re from your bank, an app, or even a friend.
Fortunately, you don’t have to be an email security expert to thwart spear phishing — you just need to err on the side of caution. If someone sends you an unexpected message, contact them to confirm it before you click anything (if you have their email address, type it yourself rather than copying it from the message, which may actually contain a fake address). Email security best practices also help. For example, email encryption helps verify the sender’s identity, and stops scammers from stealing identifying information from your emails.
The victim of a spear phishing scam may not be the main target. Hackers often use stolen accounts to attack the real target: a business associate. In a Business Email Compromise (BEC) attack, the hacker usually tries to trick the associate into sending money. For example, they may send fraudulent emails from a vendor’s account, or use an exec’s email to ask the financial manager to send funds.
Because BEC attacks require the target to send money to a new account, they can be defeated with rigorous procedures. Workers should be taught to never change business procedures — especially those involving money — unless they’ve confirmed the change through multiple channels.
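The "fake address" warning above and the payment-change requests typical of BEC can both be screened for on the receiving side. The following is an added example, not part of the original article: a small Python check that flags a message whose display name shows one address while the mail really comes from another, or whose replies are routed to a different domain. The sample messages and `.example` domains are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Loose pattern for "something that looks like an email address" in a display name.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def sender_warnings(raw_message):
    """Return reasons the visible sender may not be the real sender."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    warnings = []
    # Check 1: the display name embeds an address that is not the real one.
    for shown in ADDR_RE.findall(display):
        if shown.lower() != from_addr.lower():
            warnings.append(f"display name shows {shown}, mail is from {from_addr}")
    # Check 2: replies would go to a different domain than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain(reply_addr) != domain(from_addr):
        warnings.append(f"replies go to {reply_addr}, not {domain(from_addr)}")
    return warnings

# Constructed sample: the name the reader sees is a trusted vendor address,
# but the real sender and the reply address are elsewhere.
SPOOFED = (
    'From: "billing@vendor.example" <pay@vendor-invoices.example>\n'
    "Reply-To: accounts@mailbox.example\n"
    "Subject: Updated bank details\n\n"
    "Please use the new account for this invoice.\n"
)
# Constructed sample: an ordinary message with a consistent sender.
LEGIT = (
    "From: Alice Vendor <alice@vendor.example>\n"
    "Subject: Invoice\n\n"
    "See attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, sender_warnings(raw))
```

A clean result only means the headers are consistent; a message sent from a genuinely stolen account passes both checks, which is why confirming payment changes through a second channel still matters.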
Worms are malware designed to spread from user to user. Once a worm infects your device or account, it can spread to your contacts, steal or damage sensitive data, or even take over the account.
The recent Google Docs worm combined phishing and worm techniques very effectively. Targets received convincing invitations to edit a Google Doc, which would take them to a Google authentication page for a fraudulent app disguised to look like Google Docs. If the target entered their login info, it would infect their account and attack their contacts.
As with other scams, there’s no single email security trick that stops all worms. Google Apps security settings (see link below) can help, but the most important defense is just to avoid opening unexpected attachments.
Email security exploits seem to come from nowhere and spread quickly, making them seem frightening and mysterious. But in reality, they’re pretty easy to mitigate with education and a few tools. Use these resources to stay safe from email scams: