Email is a widely popular medium of communication that is used by large number of organizations across the world for conducting day-to-day businesses. At present, there are 3.8 billion email users globally and this number is expected to reach 4.2 billion by the end of the year 2022. This huge user base makes email extremely popular among attackers for deploying cyber-attacks. Here are some of the popular methods of deploying cyber-attacks via email.
Increase in the URL based attacks
Within the first quarter of the year, an increasing number of URL based email attacks have been observed. URL attacks involve the use of emails that contain embedded links within them and redirects the victim to a website or a phishing site that has been designed to steal a user’s personal and confidential information.
The reason behind this increasing abuse of URLs is due to the use of HTTPS domains for hosting malicious sites. Attackers embed such links within the emails with no content for bypassing email filters and to increase curiosity so that the victim clicks on the link. Sometimes, URLs are non-clickable in nature and are only activated when the user pastes the URL in the search bar of the browser.
An increase was observed in the number of URL links that redirect to malicious files which are being hosted on cloud-hosted file sharing sites including OneDrive, Google Drive, Dropbox, WeTransfer etc. These file-sharing services are used to host malicious content since websites pass the domain reputation checks that are used by a number of security tools for verifying links. These file-sharing websites allow users to preview the hosted content and provide a link that can be clicked without the need to download the file. Due to the increasing popularity of file-sharing websites, these are being exploited by cyber-attackers since people do not suspect using them.
The rise in the number of impersonation attacks
Impersonation attack is a type of social engineering attack where attackers manipulate the probable victim to access their information. An attacker might impersonate a CEO or a CFO in order to trick employees for a fraudulent wire transfer or any other payment. Within this period, a 70% rise was observed in the number of impersonation attacks with an increase in attacks that target the payroll and supply chain departments. On a global scale, BEC attacks have resulted in the financial loss of $12.5 billion within the period of one year.
Why is email security necessary?
Email security is necessary because of its worldwide adoption for personal and professional use. This makes email an extremely popular target among cyber attackers. Therefore, email security is an extremely critical aspect of an organization’s cyber security.
How can we strengthen email security?
With DMARC record generator and analyser tool KDMARC helps in securing the email domain by setting up DMARC policies that can help in filtering out malicious emails. The tool can analyse emails in detail and thus helps organizations in strengthening email security.
