Email has become an integral part of every enterprise worldwide. 95% of business organizations worldwide use email as a medium of communication, since it makes it easy to reach new, existing and future customers by delivering private, transactional or important messages in the most convenient and affordable way possible. The email infographic tells us that 2.8 million emails are sent every second and 43.5 million consumers check their email daily. As most of the world is dependent on email, cyber attackers waste no time in exploiting the emotions of recipients for their illegal ends. A huge percentage of cybercrime is either email-based or employs email as part of the process.
Behind every national or international disaster, there are thousands of cybercriminals trying to exploit it. Cyber attackers tend to use our emotions, especially concern, fear, love, trust and greed, seasoned with a twist of urgency, against us. As the world contends with COVID-19 and the consequences that follow it, this sense of urgency and turmoil is misused by cyber predators for illegitimate activities. During a serious outbreak in Italy, 10% of all Italian organizations were targeted by a phishing email that (translated) said, “Due to the number of cases of coronavirus infection that have been documented in your area, the World Health Organization has prepared a document that includes all the necessary precautions against coronavirus infection. We strongly recommend that you read the document attached to this message.”
This is an example of standard spray-and-pray phishing. It aims to reach as many people as it can and trick them by playing on their need for contentment. The emotions being played on in the Coronavirus phish are concern/fear, trust (in the World Health Organization), and urgency (protect yourself before it is too late). The attached document was titled, “Coronavirus: Important information about precautions”. Opening it leads to the Ostap Trojan-Downloader, which has been used elsewhere to download the TrickBot banking trojan.
Cybercriminals use situations like COVID-19 as a lure or bait to trick people. The aim is to play an emotional card so that recipients respond to the email, allowing malware to be implanted and putting their sensitive data at risk. More specific lures based on the known interests of the target are used in focused phishing, known as spear-phishing.
Statistics behind the threat
Statistics vary with the nature of the cybercrime. According to FBI reports, in 2019 alone, $475 million was lost by victims of confidence and romance fraud, $160 million to identity theft, $111 million to credit card fraud, $100 million to advance fee fraud (originated by Nigeria) and $54 million to tech support. Overall, 90% or more of all company breaches involve emails; 90% or more involve successful spear-phishing; and 90% of all malware is delivered by email.
Business email compromise (BEC) was reported alongside crimes like elder fraud (highlighting that the elderly are particularly targeted in all forms of email scams), tech support fraud and ransomware as the buzzing crimes of the year. Not only businesses and enterprises but individuals are being targeted too. In one BEC case, Shark Tank’s Barbara Corcoran lost $380,000 in February 2020, when Barbara’s assistant was successfully fooled into instructing her bookkeeper to send $388,700.11 to a company in Germany.
Attack and defense
The three basic types of scams are:
The top targets of cybercriminals are the elderly and the lonely, because they can be manipulated quickly. The malicious attachment or link is the more widespread of the types of scams. The body of a malicious email contains a message designed to lure recipients into clicking an undesirable link or message that can lead them to a malicious site. On the malicious site, the attacker creates an illusion that prompts the recipient to enter sensitive data like passwords or credit card details. While this is going on at the bogus site, the attacker can install malware on the recipient's system or steal information, leading to banking fraud or ransomware.
In the most advanced crimes, criminals spoof the source, such as by reaching out from a similar domain name with a few misspellings or grammatical mistakes to play with the recipient’s mind. For example: bankofamericaco.com (currently available) for bankofamerica.com. The intent is to gain the trust of the receiver and trap them into taking a false action.
With the advancement of technology, people believe the rate of cybercrime might decrease. In fact, it is more likely to increase exponentially, as tools like artificial intelligence and machine learning are the greatest assets for cyber predators.
Machine learning is a technology where actions are learned from examining and analyzing masses of data, nowadays known as big data. Criminals have access to the algorithms that are used in machine learning. They also have access to huge amounts of data to teach their machines.
Criminals are expected to use automated machine learning against the stolen sensitive credentials available on the dark web to learn about targets and attack consumers at scale and automatically.
Email and browser filters
Email providers and browsers are widely known to filter out threats. They have built-in ‘spam’ filters designed to remove junk emails and block malicious sites from reaching our mail. But cybercriminals are incredibly fast at creating new malicious sites, so it is important to adopt a permanent solution.
A good, up-to-date, and mainstream anti-malware product will protect you from the most advanced attack technologies with the latest unknown malware. But it is not reliable in the long run. Anti-malware is just the important starting point for your defense against the email threat.
DMARC and BIMI
DMARC (Domain-based Message Authentication, Reporting, and Conformance) and BIMI (Brand Indicators for Message Identification) are technologies that should be implemented by all companies operating online. DMARC is a technology that works between companies and email providers to detect attempted brand name spoofs. If fully installed, DMARC will block all false emails apparently coming from legitimate companies.
However, there is a problem. The end-user could falsely believe that the emails received are legitimate when they are not (because the sender isn’t using DMARC). A solution to this can be found in BIMI. Companies that have installed DMARC can use BIMI with the email provider to add a company logo adjacent to DMARC-protected emails. If this logo appears with the delivered email, it is a strong indication that the email is genuine.
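Whether DMARC is "fully installed" shows in the policy the domain publishes: a record at `p=none` only collects reports, while `p=reject` tells receivers to refuse mail that fails the check. The following is an added example, not code from the original article: it classifies a published DMARC TXT record by how much protection it gives. The posture labels are this example's own, and the records are constructed for the placeholder domain example.com.

```python
def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def dmarc_posture(record):
    """Classify how much protection a published DMARC record gives."""
    if not record:
        return "no-record"        # receivers have no policy to apply
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return "invalid"
    policy = tags["p"].lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor-only"     # reports are sent, spoofed mail is delivered
    try:
        pct = int(tags.get("pct", "100"))   # pct defaults to 100
    except ValueError:
        return "invalid"
    if pct < 100:
        return "partial-" + policy          # policy applied to a sample only
    return "enforced-" + policy

def subdomain_policy(record):
    """sp= overrides p= for subdomains; without sp= they inherit p=."""
    tags = parse_tags(record or "")
    return (tags.get("sp") or tags.get("p") or "none").lower()

# Constructed records for the placeholder domain example.com.
RECORDS = {
    "weak": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "rollout": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "corrected": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com",
    "gap": "v=DMARC1; p=reject; sp=none",
}

if __name__ == "__main__":
    for name, record in RECORDS.items():
        print(name, dmarc_posture(record), "subdomains:", subdomain_policy(record))
```

The "gap" record shows a common oversight: the organizational domain is at reject, but `sp=none` leaves subdomains unprotected.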
Technology has provided several measures to reduce the email threat; however, it is impossible to completely eliminate it. Staying safe and protected depends entirely on each individual’s own behavior and precautionary efforts.
We should be extra cautious while dealing with emails and check for obvious spelling errors and grammatical mistakes. We should look closely at the sender’s email address and shouldn’t open the email if it’s not expected or looks illegitimate. A good tip is to hold the cursor over the sender name and see the email address being used.
The same process can be used with links embedded in the email body. If you hold the cursor over the link – without clicking – you will see the actual address. It may obviously be malicious, or it may be disguised via a bitly-style link shortening service.
Overall, it is crucial to be cautious while handling email threats. Inserting a delay between receipt of an email and reaction to that email will allow you to more easily see inconsistencies and hidden threats in the message.