One of the most common cyber-attacks in 2020 came in the form of phishing e-mails.
Many of these e-mails came from financial institutions and social media platforms.
When it comes to e-mail attacks, all it takes is one careless employee to bring down an entire company.
This is exactly what happened at the Museum of Science and Art in San Francisco.
One morning, an employee received an e-mail from a mailing list she had subscribed to.
The e-mail contained a link to a document shared among the subscribers.
When she clicked on the link, a familiar Google login screen appeared, so she entered her Gmail credentials.
The problem was that the login page was a phishing page, and her credentials went to hackers overseas.
The employee was unaware her information was compromised.
For the next three days, nothing happened. Then, suddenly, the hacker struck.
First, the hacker deleted the contact list in the employee’s Gmail account.
Then, they redirected her incoming e-mails to the trash bin.
Lastly, the hacker sent out an e-mail from the employee to all her colleagues.
The hacker tried to make the e-mail look official and related to work but made one mistake.
The Museum is often called the Exploratorium, but in the e-mail the hacker spelled it “Explratorium.”
The e-mail sent from the first employee’s account lured victims to another phony Google login.
When co-workers reached out to the employee, their messages went straight to her trash bin.
When the employee tried to send out an e-mail alerting everyone about the scam, her contact list was gone.
She had no choice but to warn her co-workers by word of mouth that they shouldn’t open the e-mail from her.
But, the harm was already done.
The Museum IT staff said that 54 employees had clicked on the phishing email.
It’s uncertain how many entered their credentials.
The IT department learned that the hackers were in Nigeria.
The fact is, phishing e-mails are a very common social engineering attack used by cybercriminals.
Hackers contact their victims through e-mail pretending to be from legitimate companies.
E-mails impersonating LinkedIn were some of the most opened fake e-mails in 2020.
One reason is the e-mails say something such as, “People are looking at your LinkedIn profile.”
Naturally, if you receive this e-mail you want to look at who is viewing your LinkedIn profile.
And about 45% of people who received fake LinkedIn e-mails opened them.
But these cyber-attacks are nothing new.
In fact, one occurs every 39 seconds.
Since the pandemic, the FBI has reported a 300% increase in cybercrimes.
And in 2021, six trillion dollars is expected to be spent on cybersecurity.
With no end in sight, here are the top e-mail cyber threats that we will likely see in 2021.
Most company IT departments focus on protecting their executive staff, as they often have the most critical information.
But hackers know this, so they have turned their attention to a company’s supply chain.
In some cases, hackers have taken control of legitimate e-mail accounts of third-party suppliers.
These suppliers are trusted by the target company.
And suppliers with large client databases will be more tempting than ever.
Imagine if a supplier with 1,000 clients sends out 1,000 fraudulent invoices.
The damage will be continual.
To protect yourself from this, always be cautious with e-mails from third parties.
Even if it is someone you do business with, it is always a good idea to confirm the communication with a real phone call to the vendor.
The decreased life span of attacks:
In the past, hackers would attack the same company or person for weeks or months.
Yet, in 2020 the life span of e-mail phishing attacks dropped to only 12 hours.
This makes it difficult for IT experts to block the hackers’ IP addresses.
It is also hard to identify how much information is compromised.
And this scenario is likely to get worse.
Hackers may only attempt their scam for one hour, or just attempt the scam once and shut it down.
These days, a website domain is so cheap that it costs hackers very little to use a new domain for each attack.
A new domain with no history of activity will pass most of the e-mail security checks in place.
The best practice is to never depend on your e-mail security to save you.
Human eyes should check everything (such as the URL or login pages) before taking any action.
Ransomware will lose its payoff:
You’ve probably seen stories of hospitals or companies paying a ransom to hackers to get their data back.
But with remote and cloud working skyrocketing in 2020, less data is stored on on-premises networks, which means ransomware attacks may no longer be the best method for hackers.
That’s because cyber criminals want a monetary payoff.
Fake e-mail invoices are easier and more lucrative. Plus, they are less likely to draw the attention of the FBI.
Impersonating legitimate businesses will enable more e-mail attacks.
These e-mails may only contain an invoice with no link or attachment so they bypass many of the cybersecurity tools in place.
Attacks will focus on getting past cybersecurity protocols.
They will target the human element, such as the urge to pay off an invoice or to respond to an e-mail from an employee you know and trust.
The good news is, the cybersecurity industry is growing every day.
But, it will take a considerable amount of time to catch up to the evolving threat of cybercriminals.
So, the next time you see a misspelling in your work e-mail, don’t just open the e-mail.
Check with the sender first to see if it’s legit, to ensure you don’t infect the whole company.
And when online, always, always use a VPN (virtual private network).
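The “Explratorium” misspelling above is the kind of near-miss a simple check can catch before a human has to. The following is an added example, not code from the article or from any organisation it mentions: it compares the words in a sender’s display name and the sender’s domain against a constructed allow-list of brands (the `.example` domains are placeholders, not real mail infrastructure) and reports lookalike spellings and brand/domain mismatches.

```python
# Constructed allow-list: brand names and the domains they legitimately send from.
# The domains are placeholders for illustration, not real infrastructure.
KNOWN_BRANDS = {
    "exploratorium": {"exploratorium.example"},
    "linkedin": {"linkedin.example"},
    "google": {"google.example"},
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            # deletion, insertion, or substitution (free when the characters match)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(display_name: str, address: str) -> list[str]:
    """Return findings for one From: header; an empty list means nothing looked suspicious."""
    findings = []
    domain = address.rsplit("@", 1)[-1].lower()

    # 1. Words in the display name that are, or almost are, a known brand name.
    for word in display_name.lower().replace("-", " ").split():
        if len(word) < 4:  # skip short words that would match brands by accident
            continue
        for brand, domains in KNOWN_BRANDS.items():
            if word == brand:
                if domain not in domains:
                    findings.append(f"display name claims {brand!r} but domain is {domain!r}")
            elif edit_distance(word, brand) <= 2:
                findings.append(f"{word!r} is a near-miss spelling of {brand!r}")

    # 2. A sender domain whose first label is a near-miss of a known brand.
    label = domain.split(".")[0]
    for brand, domains in KNOWN_BRANDS.items():
        if domain not in domains and 0 < edit_distance(label, brand) <= 2:
            findings.append(f"domain {domain!r} looks like {brand!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers modelled on the incident described in the article.
    for name, addr in [("Exploratorium News", "news@exploratorium.example"),
                       ("Explratorium Shared Document", "docs@explratorium.example"),
                       ("Google Drive", "share@mailer.example")]:
        print(f"{name} <{addr}>: {check_sender(name, addr) or 'ok'}")
```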