Email scams are growing more sophisticated and, according to a recent survey, two thirds of Britons simply don’t understand how vulnerable they are. People think they won’t be subject to an attack, or that they would recognise one before it does any damage. The reality is far less positive.
Email scams and phishing attacks are declining, according to the 2015 ISTR. In 2014, the phishing rate was 1 in 965, a considerable reduction from the previous year, which was 1 in 392.
That might sound like email security is now less of a risk: but that’s not the case. While the number of email phishing scams is going down, the number of people falling victim to them is on the rise because the attackers are getting smarter and harder to identify.
You know there’s no Arab Prince who wants to give you his fortune, but those kinds of attacks are old school. Modern phishing scams tend to pose as alerts from your bank or other such authorities requesting that you log in to confirm your details.
The hackers behind such scams are capable of creating legitimate-looking webpages that many would confidently enter their credentials on. And now the financial risk of each scam is on the rise as whaling scams continue to do damage.
Whaling scams are similar to phishing, except that rather than ‘fish’ for lots of little opportunities, the attackers go after one big catch. Hackers pose as officials from within the business they are targeting, sending an email to a senior member of the finance department requesting large, urgent money transfers.
Not knowing that the transfer request is a fake, the finance person authorises it and the hackers get their payday.
Detecting these scams is difficult as the hackers go to extreme lengths to disguise themselves and research both their targets and the individuals they are imitating. In some instances, attackers have even bought a domain name that was almost identical to their target business so that, at a glance, the address looked the same.
That leaves more than three quarters of employees open to social media scams. Hackers can find plenty of personal information about an individual from their social media profiles; this makes it much easier to impersonate a contact and trick them into sharing malicious software.
The same survey from Software Advice found that just 39 percent of employees received ongoing training in security awareness as part of their job. That leaves more than half of the workforce ignorant to how real the threat of email scamming is.
When large corporations fall victim to these attacks it is damaging, but for smaller companies it’s even worse. The fallout from thousands of pounds being stolen from a big business is vastly different to the same amount being stolen from a smaller company.
Small businesses are extremely vulnerable. They often have fewer checks and balances for payment authorisation, poorer technical security measures and a lack of staff education programs around IT security. But one successful attack is all it takes to ruin a small business.
For end-to-end email security, we recommend adding an extra layer of software protection that reduces the risks your staff are exposed to. The right software not only blocks emails with malware, but also examines the contents of the email including attachments and HTML links, and allows you to set up permissions regarding what data is safe to send and receive.
Employee education remains critical though; your employees need to be aware of the threats they face and how to minimise risks. When it comes to staying safe online you need all three: people, process and technology.