There’s a reason why more than 90 percent of targeted security threats originate in email. Human beings are the weakest link in the security chain. If an email gateway is like a brick wall that surrounds the network and only lets in a small percentage of threats, a human being is often like a turnstile that only requires a gentle push to gain entry.
Most people are familiar with phishing, which occurs when cyber criminals, posing as a legitimate company, try to acquire sensitive information. Scammers lure people to bogus websites, where they’re tricked into providing personal or sensitive information, such as usernames and passwords, bank and credit card account numbers, or Social Security numbers. Phishing emails may also include malicious links or attachments that automatically activate malware when clicked.
Spear phishing is a more sophisticated, focused approach that targets specific organizations, and very often specific individuals, with a goal of stealing financial information, trade secrets and other confidential data. It’s a more customized form of hacking. Some spear phishing emails appear to be from executives or authority figures within the recipient’s organization. In this form of attack, known as business email compromise, the hacker often asks the recipient to wire money or pay a bogus invoice.
Phishing attacks continue to increase in frequency and sophistication. According to the fifth annual State of the Phish Report, 83 percent of cybersecurity professionals surveyed said their organizations experienced phishing attacks in 2018, up from 76 percent in 2017. Spear phishing increased to 64 percent from 53 percent.
Tips to Avoid Email Threats
While more modern, sophisticated threats can be difficult to detect, there are steps you can take to avoid becoming the victim of a phishing scam and compromising your own or your employer’s private information.
- Use common sense. For example, phishing emails often contain cryptic messages such as “your account is past due” with a PDF attachment that’s purportedly an invoice or statement. Or, out of the blue, you may receive a link that’s supposedly to an electronic document that you’re supposed to e-sign. If it’s suspicious, delete it.
- Look for obvious warning signs. Phishing emails often include a greeting such as “Dear User” or “Hello” with no name after it. Also, if you received an email from a legitimate, established company, it wouldn’t come from a Gmail address, and the company wouldn’t need you to provide your credentials.
- Hover or “mouse” over links. This will usually show you the URL without having to click the link. If it looks the least bit suspicious, don’t click it, or call the organization’s customer service line for verification.
- Make sure your operating system, browser, applications and security are up to date. You reduce the risk of a security breach when your online tools are current.
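The warning signs in the list above (a generic greeting, a company message sent from a Gmail address, and link text that differs from the address shown on hover) can also be checked automatically. The following Python sketch is an added example, not part of the original article or a GDS product; the free-mail list, the greeting pattern, and the sample messages and domains are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed sample list
GENERIC = re.compile(r"^\s*(dear (user|customer)|hello|hi)\s*[,!.:]?\s*$", re.I | re.M)
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class Body(HTMLParser):  # collects visible text and (href, link text) pairs
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host(url):
    # Link text is often a bare "www.site.tld/path"; add a scheme so urlparse sees a host.
    h = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def warning_signs(raw_email):
    msg = message_from_string(raw_email)
    body = Body()
    body.feed(msg.get_payload())
    signs = []
    if parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower() in FREE_MAIL:
        signs.append("free-mail sender")
    if GENERIC.search("".join(body.text)):
        signs.append("generic greeting")
    for href, label in body.links:  # the mismatch that hovering over a link reveals
        if URL_LIKE.match(label) and host(label) != host(href):
            signs.append(f"link text {host(label)} goes to {host(href)}")
    return signs

# Constructed sample messages (not real mail); all names and domains are made up.
TEMPLATE = ("From: Example Bank <{frm}>\nSubject: Past due\n\n<p>{greet}</p>\n"
            '<p>Statement: <a href="{href}">www.examplebank.com/statement</a></p>\n')
PHISH = TEMPLATE.format(frm="examplebank.billing@gmail.com", greet="Dear User,", href="http://billing.example.net/login")
LEGIT = TEMPLATE.format(frm="statements@examplebank.com", greet="Hello Alex,", href="https://www.examplebank.com/statement")
```

Calling `warning_signs(PHISH)` returns all three signs, while `warning_signs(LEGIT)` returns an empty list. None of these signs is conclusive on its own, so a filter built this way should score them together rather than block on a single match.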
GDS can also assist you with Advanced Email Security Services that are fully monitored and managed around the clock. Our solution prevents most phishing and other attacks from ever reaching users’ inboxes, and uses continuous analysis to determine if delivered emails could be malicious. Vigilant end-users, combined with powerful security solutions from GDS, reduce the risk that malicious email will cause devastating downtime and data loss.