Don’t Download that File! And Other Things to Know About Email Security

Email revolutionized the way that we communicate with each other, all across the globe. The service was first invented in 1965 at MIT, and although it would take decades for the service to become popular worldwide, the ease and capabilities of “electronic mail” has only sped forward at lightning pace with the digital advancements we’ve made since then.

Now, in 2022, the possibilities are endless. We can send a quick missive to people we’ve only spoken to once, learn about the latest Sears sale as soon as they announce it, and share important files whether they’re a one-page Word document or a collection hour-long videos (if you have infinite storage in your Cloud, of course!) and have it arrive to the intended destination in minutes, even seconds.

Even as people moved more toward personal devices to communicate with friends, email remains a critical part of many people’s lives – particularly in the business world. Cybercriminals know this, and target victims accordingly. What cyber-threats should you be aware of so that you can continue emailing safely and securely?

Phishing

How much does a cybercriminal really need to know about you in order to target your email account? Truthfully, not much. In 2019, more than 10.5M email addresses were floating around on the Dark Web. You can imagine how that number has grown today.

By purchasing a list of emails and associated names, hackers can send phishing scams to an amassed list all at once, and even address recipients by first name so the message seems more personal and believable. Phishing is the most common way that cybercriminals compromise accounts and organizations, and it’s only becoming more frequent and dangerous. By purchasing a list of names on the Dark Web, the bad actor may be able to fool enough victims that they send back information that allows the hacker to break into their accounts. From there, they can find more information, steal data and finances, and send malware to your friends list, amongst other disastrous consequences.

BEC Scams

Business email compromise scams, better known as BEC as a testament to how prolific they are, pretend to be from your organization or connected to it professionally in some way. Usually the scam messages will come from an address very similar to one you know and trust, but with an extra letter, slight alteration or punctuation that they hope you won’t notice. Then they can request confidential company information or files, spread malware, or spearphish for more information so that they can eventually break into their victim’s account.

More BEC scams get reported to the FBI every year, particularly since work from home practices made virtual meetings so commonplace. Falling for these fraudulent messages can cost the business millions. Be careful who you interact with online and always get permission through the appropriate channels before you answer virtual requests for money, data and information.

Suspicious Attachments

Always be wary of email attachments, especially if you don’t recognize the sender. Even messages that seem real can be fraudulent. Legitimate organizations will paste all necessary information into the body of the message and direct you to remedy any issues through their official website. This is because of the danger posed by downloading malicious files that are hidden within email attachments.

Security experts at HP recently discovered a keylogger hidden in malicious PDFs sent out to steal users’ information. Snake, as the malware has been dubbed, appears legitimate and safe so as to convince users to open it in Microsoft Word, at which point the malware exploits a code vulnerability and unleashes the keylogger on your system.

Users can become compromised that easily, which is why you should always verify what you’re opening before you touch any attachments. Even legitimate email addresses could be copied and subtly changed to avoid your detection, making all outside files a risk until proven otherwise.

Conclusion

As you can see, there are myriad ways that your email inbox can be a dangerous and murky place. Whether they target you outright or spam you along with 100 others off a list from the Dark Web, it’s only a matter of time before a scammer sends a fraudulent message. Don’t click on any links or attachments before verifying their source and purpose, double-check who you’re responding to, and ask the proper company channels before giving out private information or finances.

Cybercriminals know how important email is for most people, just as much as you do. Keep it a safe haven for work and connection by practicing cybersecurity every time you log on.

References