The COVID-19 pandemic has been a boon for bad actors across the digital landscape. In July, for instance, authorities in the U.S., U.K. and Canada all issued warnings about serious cyberattacks against healthcare organizations and others involved in the coronavirus response. The purpose of these attacks? Theft of intellectual property during the race to develop a vaccine. The tool of choice? Spear-phishing email attacks.
We live in an era where the amount of valuable data businesses must store is increasing at an unprecedented pace. Consequently, the number of cyber criminals trying to gain access to that data is also increasing. In fact, according to a report released last year by Osterman Research, 81% of organizations have been the victim of some type of data breach, targeted email attack, successful phishing attack or other cyber security incident during the previous 12 months. And with the surge of people working from home due to the COVID-19 pandemic, these numbers are only going to go up.
The COVID-19 crisis has changed the way we approach data privacy and email security as the transition to working from home has been accompanied by a growing surge of Coronavirus themed phishing scams and spoofed websites used to distribute malware or lure victims into providing confidential information.
Stories of the COVID-19 pandemic’s rapid global spread have paved the way for threat actors to unleash the most widely-used cyber threat in recent memory.
Despite the rumors announcing the death of email, its use continues to grow. According to research from the Radicati Group, email traffic is predicted to grow to over 333.2 billion emails sent per day (from the current 306.4 billion emails). And as long as businesses continue to use email, cybercriminals will find new ways to exploit security gaps, software bugs, and basic human nature to extort millions of dollars from their victims.
While many businesses are moving their email from on-premises to the cloud, many that have already made the switch have discovered that cloud hosted email has its share of drawbacks to go along with the benefits these businesses had originally sought.
In part one of our three-part series on Business Email Compromise (BEC), I explained what a BEC attack is and provided examples and statistics. As you’ll recall from the examples discussed, businesses have suffered staggering losses to these attacks, and while users are becoming more aware of them, their own human nature dictates that these threats will continue. In fact, a recent report by Get Safe Online indicated that over a third (37%) of employees don’t know what to look for to identify common email scams. The report also stated that one in 20 email fraud victims were so ashamed that they hid their mistakes from their colleagues.
With the prevalence of spam circulating the globe in massive amounts, it becomes increasingly important for administrators to understand the potential causes of their IP address ending up on a blacklist. Spammers employ all kinds of tricks to try to send out as many spam messages as possible without revealing their identities. They do this through various techniques such as social engineering, employing malware, botnets, forging of message headers, and exploiting weaknesses in email systems or network infrastructures. For the spammer, it’s basically a numbers game. It costs next to nothing to send out thousands of spam messages, and if even a small handful of people click on a link or purchase a product advertised in a spam message, the spammer can profit.
If your email infrastructure is not properly secured, then you risk being infected with malware and becoming part of a spam botnet. Even if your server is not infected with malware, if your firewall and mail server security settings are not configured properly, your IP address could wind up on a blacklist. To protect yourself from being blacklisted, consider the following recommendations:
You may have heard the terms SSL and TLS, but do you know what they are and how they’re different?
