Cyber-attacks delivered through email have become common. We receive hundreds of emails every month claiming that the attached file contains data that might interest us, that the attached file is an invoice that is past due, or that there are important documents attached that we should see right away. This is called social engineering, and it has become one of the best tools attackers use to convince their targets to open infected links or attachments.
A report by Proofpoint titled “The Human Factor 2019 Report” shows how email attacks rely on human interaction rather than automated exploits. The report shows that more than 99% of the attacks required human interaction to succeed. This data was obtained by screening roughly 1 billion messages per day over 18 months. In other words, email attacks almost never succeed through automated processes alone.
Social engineering makes it harder to distinguish a genuine email from a fraudulent one. Most attackers structure the email message so that it looks like it came from a trusted source such as Google, Microsoft or a known contact.
The report also mentions that hackers tend to imitate the business routines of organizations to fool employees working there.
Other key conclusions found in the report include:
- People who are frequently targeted by fraud emails are usually not high-profile individuals or VIPs. These are discovered identities or “targets of opportunities” for attackers.
- Domain fraud — registering a domain name that looks similar to popular brands to trick users — lends a sense of legitimacy to a socially engineered fraud email.
- Social engineering is extensively used in credential phishing, sextortion scams, and business email compromise (BEC).
Malicious actors prepare email attacks in a way that makes it difficult to distinguish a spam email from a genuine one. However, you can identify a potentially malicious email by checking its domain name. You should also avoid clicking on unknown links.
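One way to automate the domain-name check against the domain fraud described above, as an added example that is not from the report or the original article. The allow-list `TRUSTED`, the function names and the sample `From` headers are constructed assumptions, and the confusable-character map is illustrative, not exhaustive.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list; replace with the domains your organisation trusts.
TRUSTED = ("google.com", "microsoft.com", "paypal.com")
# Illustrative (not exhaustive) confusables: digits and Cyrillic letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i"})

def sender_domain(from_header):
    """Return the lower-cased domain of a From header value."""
    address = parseaddr(from_header)[1]
    return address.rpartition("@")[2].lower().rstrip(".")

def skeleton(domain):
    """Collapse visually confusable characters so look-alikes compare equal."""
    text = unicodedata.normalize("NFKC", domain).translate(CONFUSABLES)
    return text.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header):
    """Return (verdict, matched_trusted_domain) for a From header."""
    domain = sender_domain(from_header)
    for trusted in TRUSTED:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    for trusted in TRUSTED:
        # Brand used as a label or hyphenated word, e.g. microsoft-support.com
        brand, tokens = trusted.split(".")[0], domain.replace("-", ".").split(".")
        if (skeleton(domain) == skeleton(trusted) or brand in tokens
                or edit_distance(domain, trusted) <= 1):
            return ("lookalike", trusted)
    return ("unknown", None)

# Constructed sample From headers, not taken from the report.
SAMPLES = ["Google <no-reply@accounts.google.com>", "Billing <invoice@rnicrosoft.com>",
           "PayPal <service@paypa1.com>", "IT <help@microsoft-support.com>",
           "Newsletter <news@example.org>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify(header))
```

A "lookalike" verdict is a heuristic signal for closer review, and an "unknown" verdict does not mean the message is safe.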
Have you witnessed and escaped an email attack? Tell us in the comments.