Whenever we talk to new clients about cybersecurity, one of the first questions they ask is ‘how big a threat is email to their business?’ And they are right to ask…
When it comes to internet security, viruses do not discriminate. Every company, big and small, that doesn’t take out the right protection is under threat from the emails that they receive.
In fact, email is one of the oldest and most common ways your computer will pick up a virus. According to Verizon’s 2018 Breach Investigations report, 92% of malware comes through email.
One of the most common methods of email malware infection is phishing attacks. This is where emails try to trick recipients into downloading malware disguised as an attachment, or sending information such as bank details, by masquerading as a trusted sender.
One of the most high-profile phishing attacks happened in 2016, when hackers managed to convince Hillary Clinton’s campaign chair, John Podesta, to email across his Gmail password. This shows just how convincing these emails can appear.
Often these attacks come about by criminals hacking popular websites for users’ details. When cybercriminals obtain lists of usernames, passwords, and other details from websites that require a log-in, they can access information such as your email address, password, full name, phone number, birthday and any other details you’ve given the website in question.
This becomes a broader threat because when we create accounts online for social media, retailers and other services, we usually do it through the same email address. This makes things easier for the user, but even easier for a hacker.
A specific phishing tactic to be aware of
One convincing tactic usually starts with an email that includes your email address and a password you’ve used online in its subject line – that will get your attention!
It’s unlikely that hackers will have done anything to your computer, but they do have the password and username from the hacked website.
The hackers spoof their email addresses so it looks like it’s coming from someone else. They set up fake websites that resemble trusted ones, and use foreign character sets to disguise URLs. And then they spin a believable story in an attempt to trick you into downloading malware or sending over bank details.
More recently, paying a ransom has become a preferred way for hackers to monetise their efforts. They could do this by threatening to delete all your files, lock down your systems or send embarrassing personal information to everyone in your contact lists.
And while such phishing attacks are usually sent to every contact from a hacked website, they can also sometimes be targeted. For example, the hacker could send an email to an HR employee with an attachment that pretends to be a job seeker’s CV.
It really is all scary stuff.
Call Nebula first if you are ever concerned by your email security
When it comes to SMEs, this can have a hugely detrimental effect on your private data and online security. If you ever receive an email like this, contact Nebula immediately. It is essential in keeping on top of your company’s cybersecurity to have a professional IT company on hand providing you with an added layer of security.
We can help you after something has gone wrong, but it is much more effective to work with us before any problems start. We can manage advanced cloud-based email security solutions that use self-learning to stop spam, phishing and viruses even reaching your inbox. Call us on 01454 534 009 to see how we can help you today.