Based on their behavior, cyber attackers seem to agree that old, proven tools are hard to beat. Email remains a cost-effective go-to tool for launching a cyber assault, relying on a little help from the human element.

Brandon Reid, Enterprise Sales Manager at Mimecast, an email security company, presented Anatomy of an Email-Borne Attack at Cyber Security Summit 2018. Email is the prime launch vehicle for phishing attacks, and it accounts for the preponderance of attacks – 91 percent – he said. Not only that, email is effective – about 30 percent of emailed phishing attacks were opened, according to statistics attributed to Verizon. Median time to user first clicks that opened the phishing emails is 100 seconds (Wired Magazine), and some 66 percent of a malware payload is delivered via malicious email attachments (FBI PSA), according to Reid’s presentation.

Why do hackers use email? Sheer volume is one reason – 225 billion emails are sent every day and that total is growing. Email is cheap, everywhere, trusted by users around the world and is a workhorse communications channel for organizations and individuals.

Reid noted that phishing ploys continue to rely on the classics. Traditionally risky scenarios persist: A third party on social media who observes public conversations and then asks too many personal questions, an employee who’s chatty about business on social media sites, and notification from a seemingly bona fide source that your account is frozen, often displaying what appears to be a legitimate company logo.

One telltale indicator that an email is not from a legitimate source is the URL. Senders may mimic a trusted source to trick people into opening the contaminated email, but close inspection may reveal that the URL doesn’t match the purported sender. Emails sent to mobile users make it even more difficult to detect counterfeit links when senders insert very long URLs on small screens to conceal the sender’s actual URL.

Supply chain impersonation emails are another common cyberattack technique in which an email appears to come from a trusted business partner, peer or supplier, relying on familiarity to heighten the chances that the email will be opened. Users should regard as red flags any emails that combine a financial ask and urgency, or which try to gather Protected Health Information or Personally Identifiable Information.

Among Mimecast’s approaches are sandboxing to manage “low-hanging fruit” and static file analysis to reveal inappropriate sender code, Reid said. Citing a case when a user sent highly confidential payroll information to the wrong source, he recommended content review before sending out any sensitive data in an email.

[ Photo Credit: Bruce Silcox Photography ]