The evolution of cybercrime coincides with the evolution of the internet, and with that came the invention of emails. The first serious wave of cybercrime came with emails in the late 80s. Their accessibility meant that hackers could target their victims directly by sending harmful files straight to an inbox.
The WannaCry case is a perfect example of how emails can be dangerous. This ransomware attack infected over 200,000 computers, and it all started with an email. It was sent at around 8am, and by lunchtime that day, employees all over the world were being locked out of their devices, highlighting how fast and widespread an email virus can be.
It may seem tedious, but email awareness training shouldn't be dismissed as 'common knowledge' because any gaps in knowledge within a workplace are seen as vulnerabilities that hackers can exploit. When it comes to computer literacy and its effect upon cyber-security, the effects of regular refresher training should never be underestimated.
The Dangers in Emails
With 59% of UK business leaders seeing emails as their biggest threat, the dangers that can come into your inbox cannot be ignored. Hackers are growing in skills and techniques, reflected by the fact that they are constantly developing new ways to use emails for cybercrime.
Emails can often include attachments that, once opened, create an entry point for malware to get into the system. Disguised as a document, voicemail or PDF, they are designed to launch an attack as soon as they are opened.
Links to malicious webpages are another popular example. These can appear in an attachment or the main body of the email, often presented as a fun link sent from a friend: a trap that the unsuspecting recipient clicks on without a second thought. Dangerous links account for a significant number of data breaches within organisations.
Not only are the techniques of hacking varied when it comes to emails, but the malware types that appear also differ, and as a result, the impact varies. When you hear names like Trojan horses, spyware, ransomware, viruses, and so on, what you're really hearing about is types of malware. The different names refer to the different ways hackers get into a system, with Trojan horses disguising themselves as harmless in order to gain entry to a network and infect it.
Ransomware works by encrypting a victim's data and demanding a fee to restore it. In other words, the hackers convert the data on the device into a code that is illegible for the user, and as a result the recipient is forced to pay for the data to be restored.
Phishing works by the attacker gaining the victim's trust through pretending to be a legitimate source, and as a result the victim hands over sensitive data that the criminals can make a profit from. Because the phisher claims to be a reliable source, the victim unknowingly clicks on a link or opens an attachment, which is exactly what the hackers want.
Man-in-the-Middle Attacks are anything but a game. This is when the attacker puts themselves between the user and the organisation in order to intercept and impersonate the user. This way the attacker can read and manipulate email conversations and steal information as they go, all without the victim being any the wiser.
Spam remains a mainstream term when it comes to unwanted email. With servers now having a dedicated filter for spam to automatically go into, it would be easy to think that we are protected. Think again. Spam remains a significant challenge for everyone, and when it contains malware, it not only wastes your time, but also becomes a headache for your cyber security.
How to Stay Safe
Being vigilant with emails means that you have more chance of keeping the hackers out through knowing what to look out for, and as a result you can keep your data protected. Following a few simple steps means that you can help prevent yourself from becoming the next victim of cybercrime.
- Never share sensitive information such as passwords or credit card numbers, no matter how real the email looks. No bank will ever ask you to disclose sensitive details over email, text or phone. Never give away any personal information.
- Think twice before you open anything: If you receive an email with a link or attachment, be 100% sure it is legitimate before you open it. If you don't know the sender, ignore it.
- Don't assume anyone who's sent you an email is who they say they are; it is better to be paranoid than to become a victim of cybercrime.
- Use your spam folder: This will do a lot of the hard work for you, but if you ever see suspicious emails, mark them as spam for future reference to maintain a consistent level of protection.
- If you're ever in doubt, get in touch with the company through their separate website (never follow links/phone numbers they provide you with).
How it looks – If they have faults in spelling and grammar, or the logo seems a bit fuzzy, then mark it as spam straight away.
How they address you – If they don't know your name, chances are they are trying to win you over with what little information they have. Remember, this really is personal.
The website address or email – Businesses and organisations don't use web-based addresses such as Gmail, so if there is a long URL that looks unsophisticated to you, step away quickly.
Your bank accounts – Regularly check on your accounts for suspicious activity. Anything that you can't remember spending, get in touch with your bank immediately.
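The warning signs listed above can also be checked automatically when a suspicious message is reported. The following is an added example, not part of the original article: a small Python triage function that parses a raw message and flags a web-based sender address, a generic greeting, a request for secrets, and links whose host does not belong to the sender's domain. The webmail list, the regular expressions, the flag names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Illustrative lists (assumptions); tune them for your own organisation.
WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|client|sir|madam)\b", re.I | re.M)
SECRETS = re.compile(r"\b(password|pin|card number|security code)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

def triage(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    flags = []
    if domain in WEBMAIL:              # business claim sent from a web-based address
        flags.append("webmail-sender")
    if GENERIC.search(body):           # sender does not know the recipient's name
        flags.append("generic-greeting")
    if SECRETS.search(body):           # asks for details no bank requests by email
        flags.append("asks-for-secrets")
    for host in URL_HOST.findall(body):
        host = host.lower().split(":")[0]   # drop any port number
        if not domain or not (host == domain or host.endswith("." + domain)):
            flags.append("link-domain-mismatch")
            break
    return flags

# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: Example Bank Security <examplebank.alerts@gmail.com>
To: alice@example.org
Subject: Urgent: verify your account
Content-Type: text/plain

Dear Customer,

We noticed unusual activity. Confirm your password within 24 hours:
http://examplebank.account-check.example.net/login
"""
LEGIT = """\
From: Example Bank <statements@examplebank.example>
To: alice@example.org
Subject: Your statement is ready
Content-Type: text/plain

Hello Alice,

Your statement is available. Sign in via https://www.examplebank.example/ as usual.
"""
```

These flags are hints for a human reviewer: an empty result does not prove a message is legitimate, and a flagged message still needs to be confirmed through the organisation's own website.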