Email security has become increasingly more important to businesses. Hackers have become more sophisticated with their email attacks. It’s been estimated that 91 percent of all cyber attacks start with an email. We recommend Barracuda to our clients for email protection. Here are their predictions of the biggest email security threats in 2019.
Barracuda first wrote about this threat in the fall of 2018. Sextortion is a type of spear phishing scam that targets users by telling them they have access to their computer and/or email and have a compromising sexual video of the user. If the user does not pay, they will make the video go public.
The majority of these scams don’t get reported because quite simply, it’s embarrasing, which is exactly why the attacker chooses this method. Barracuda analyzed businesses and organizations attacked by this method and found that the education industry is the prime target. As Barracuda stated, “The overwhelming focus on education is a calculated move by attackers. Educational organizations usually have a lot of users, some with a very diverse and young user base that may be less informed about security awareness and that may be less aware of where to seek help and advice. Given their lack of training and experience with the nature of these types of threats, students and young people can be more likely to fall victim in these attack scenarios.”
Read more about this type of scam on Barracuda’s blog, “Threat Spotlight: Sextortion”
According to Barracuda, this technique is becoming more prevalent. They wrote, “ It’s estimated to cost US firms alone over $5bn annually and has already affected some big-name brands this year including Nest, Dunkin’ Donuts, Dailymotion and OkCupid.”
Credential stuffing is cause for concern for both personal and businesses but for this article, we’ll just focus on the threat it poses for businesses. We all know and are guilty of using the same password for multiple platforms. Businesses these days sometimes need up to hundreds of passwords to access various tools/services for operations. The problem credential stuffing poses for businesses is when employees use their corporate email and password for a third party vendor. The business might have their own email security in place but if the third party vendor gets hacked the attackers can use the employee’s email address and password (credentials) and gain access to the employee’s business email and other important business platforms. As Barracuda states, “This gives hackers a golden opportunity to take over corporate accounts.”
You can read more about this threat on the Barracuda blog, “Is 2019 the Year Credential Stuffing Dominates the Threat Landscape?”
We’ve writen about spear phishing in the past and all of the threats outlined in this article could essentially be used with a spear phishing attack. Last month Barracuda published an in-depth report on Spearphishing top threats and trends.
There are some key takeaways in this report that may surprise you. For example, the hackers will tailor their email subject line and message based on the industry to make the attack more believable. The example the report gave was a subject line of “Are you at your desk?” may change to “Are you on campus?” for an email targeting someone in the education industry.
Maybe less surprising is that finance department employees are targeted more frequently because they have access to money and employees’ personal information.
Almost all of the spear phishing email attacks include a sense of urgency and 62 percent of the attacks use only 10 popular email domains to launch their attack.
How to Make Your Business Email More Secure
Again, we recommend and implement Barracuda products for our clients. They deliver a great product and are constantly evolving to be on the offense, as well as, the defensive against email hackers. However, email security technology alone will not solve all your problems. Employee or user education on email security best practices is essential to keep these threats at bay.
If your business is concerned and/or considering an email security solution, we are here to help. Contact us for a free consultation.