In June of this year, cyber risks were increasing. According to this, cyber-attacks are already one of the most significant business risks for many companies. Email attacks and phishing, in particular, are dangers that are being warned louder and louder – sometimes by the FBI in a report on cybercrime, which is increasing worldwide. In today’s post, we go into the details of this report, look at a Stanford University and Google study on the subject, and share tips to help protect yourself from email fraud.
Table of Contents
A few months ago, the Internet Crime Complaint Center (IC3; Complaints Office for Internet Crime ), run by the FBI, published its annual Internet Crime Report (PDF). This report explains the impact of attacks on organizations worldwide and relates to the past year, 2020. The figures mentioned are likely to be alarming: 791,790 complaints were received last year, with more than 4 billion US dollars in total annual losses. The report also shows which risks companies should specifically address:
In addition to business email compromise, email account compromise (EAC) caused the highest losses, which the IC3 puts at over 1.8 billion US dollars. BEC / EAC and phishing are more significant threats than ransomware. According to the report: Financial losses were 64 times higher than ransomware attacks. These attacks account for a whopping 44% of the total loss! Completely different from the complaints: Overall, they only accounted for 2.4% of all complaints.
The supply chain ecosystem appears attractive for cybercriminals to attack companies indirectly. In particular, imitating and compromising providers turns out to be risky for companies since many organizations unfortunately hardly have an overview of the risks of their providers. There is an increasing number of different BEC / EAC variants:
There were significantly more complaints when it came to phishing: Almost a third of the complaints received by IC3 related to phishing. The fact that the number of complaints almost doubled from 126,640 reports in 2019 to 241,342 complaints in 2020 can prove that the targets of the attack are less the infrastructure weaknesses than the people in the company. With targeted employee awareness-raising, criminal actors can be prevented from successfully exploiting human weaknesses. In our article on phishing protection, we go into different types of phishing and give you tips on how to protect yourself against phishing.
The IC3 report shows that criminals were able to take advantage of the pandemic for their attacks. The year 2020 with the corona crisis was a hit for cybercriminals – that’s why we issued warnings in March and again in December 2020. Pandemic topics were used for general phishing or targeted social engineering attacks: vaccines, aids for companies, or new COVID19 variants spurred the creativity of cybercriminals. Please expect that pandemic topics will continue to be used for attacks in the future.
Email fraud – more specifically, email phishing campaigns – is one of the most common ways of getting infected with ransomware; this is also evident from the IC3 report. There were 2,474 incidents, according to the information in 2020. The losses are put at more than 29 million US dollars. Explosive: The report emphasizes that ransomware losses were kept “artificially low” in the account. The number given does not include information about lost business, wages, lost time, failed devices, or lost files. Reports from FBI field offices were also not taken into account. Accordingly, it can be assumed that the actual numbers related to ransomware are significantly higher.
Not only ransomware but also other malware is relevant to the field of email fraud. In our article “Identity theft on the Internet: What is malware?” We look at different types of malware and give you tips on malware detection.
In collaboration with researchers from Stanford University, Internet giant Google has looked at patterns that make users the preferred victims of email fraud. Based on data from more than a billion malware and phishing emails, the investigation aimed to find out whether attack victims become targets for any reason. As a result, it could be possible to optimize protection strategies. Indeed, the researchers succeeded in identifying various factors that can increase the likelihood of attack:
The origin of potential targets of attack could already be the first characteristic. After all, 42% of all email attacks target victims in the US, followed by 10% in the UK and 5% in Japan. The researchers found that attackers do not necessarily localize their emails. Instead, the same email template with an everyday linguistic basis is used so that English-speaking users are preferred victims for this reason alone. With these identical templates, criminals try to contact small groups of between 100 and 1,000 recipients for two or three days.
Users whose email addresses were already traded in one of the numerous data leaks in recent years were written to five times the probability of average users.
For the researchers, the age of potential victims also increased the risk: Email fraud occurs almost twice as often in people between the ages of 55 and 64 as in the 18 to 24 age group. These figures could also go hand in hand with mobile devices: If people only used emails on their mobile devices, the risk of attack compared to people who access emails on different devices was 20% lower.
Overall, the study shows that one could hardly speak of an indiscriminate approach, but there is usually no specific targeting. Therefore, choosing specific targets as attack victims is more likely with BEC / EAC attacks than with phishing and malware attacks.
Also Read: Email marketing In B2B – How Well Are Your Mailings Working?
Knowledge is power – this philosophy also applies to your email security! Therefore, the first way to protect yourself against email fraud is to learn as much as you can about various attack vectors. This is why the study carried out by Google and Stanford University is valuable: it helps to assess how at-risk you as a user are. It is also helpful to know where you stand – and you can quickly test that: With our phishing quiz and our S / MIME test, you can measure yourself against colleagues and test your knowledge. You can also use the following tips to protect yourself efficiently against email fraud:
Reddit is a forum website or simply called as a discussion platform where people share…
Securing your WordPress site is an essential task to safeguard your content, protect user data,…
Einthusan Is an Online platform that provides HD Movies, TV Shows and TV Series for…
Nowadays, there are many high-quality movie websites available on the internet, such as LetMeWatchThis. These…
1377x is a sister domain for the 1337x or 13377x torrents, it can be used…
MacBook 12in m7 is a popular laptop which is designed by the apple company. Are…