(Source: kerly chonglor/Shutterstock.com)
Sixty-three percent of companies surveyed by CSO Online in March 2020 indicated that they had experienced a cyberattack over the past 12 months. Cyberattacks often capture or manipulate data to compel the user to release the undesired software actively. Of the malware linked to the data breaches, the survey found that a massive 94 percent came through email. Since then, remote work has increased because of COVID-19, while the Internet of Things (IoT) continues to connect increasingly more smart devices. These cyberattacks cost companies millions of dollars each year, continuously increasing the importance of protecting data. As a result, data security is more important than ever. Here, we’ll describe the causes and prevention methods of email cyberattacks, and two new forms that are gaining popularity.
A cyberattack sent through email might look like this, sent from the address of a company executive:
“Internal audit discovered an error you caused during the monthly financial roll-up. Please move $175,000 back to our management M&A account located here by EOB today to rectify the mistake.”
Several warning signs reveal something is off with this note:
Cyberattacks prey on the recipient’s fear of making a critical mistake; the sender uses this fear to trick him into following a link or visiting a website that they use to extract personal information. Following any link in a cyberattack email usually provides a direct path for the sender to extract information.
Phishing is a type of email attack. These emails come from a third party, such as a lawyer or consultant, and often appear to copy a company executive’s email address in the cc: line. The receiver of this type of message believes he or she has made a critical error visible to an executive, leading to a panicked response.
Spear phishing and whale phishing are more advanced types of targeted phishing attacks. A person within a company who has access to pertinent information, such as trade secrets, new products, or financial insight is a spear-phishing target. Whale phishing targets C-level executives with apparent access to critical information. Neither target of these types of phishing attacks wants to jeopardize their position, so the urgency level rises when the phishing email arrives.
Malware and trojan cyberattacks have been around for a while, but they are among the hardest to prevent. Malware is software downloaded onto the user’s computer or phone that can spread to other connected devices and networks. It can get onto a user’s computer if it is connected to the internet.
As the name suggests, trojans are disguised as a useful program. Typical examples are Adobe, Microsoft Office, or even a company-specific program. They compel the user to click a dangerous link using an icon that looks like a program he or she uses.
Smishing is gaining favor among data thieves because of the personal and convenient nature of smart devices. This type of cyberattack comes through text messages (SMS), WhatsApp, or social media. They prey on victims who might have their guard down. One method of smishing is by a user sending a text message addressed to someone else, containing what appears to be confidential information:
“Stacy, I can’t believe they passed on purchasing that pharma stock. Look at the new vaccine they just developed!”
The recipient (not named Stacy for this example) thinks he has just lucked into a great stock tip. The link could lead him to the company (incidentally not mentioned in the text). That stock tip he thought he found will put his personal information at risk.
Vishing is an especially devious form of a cyberattack. The caller leaves a voicemail while impersonating a company executive or employee. Voicemails can come from phone numbers that look familiar. If the voice is also familiar, that is usually enough to trigger the victim to act according to the instructions they receive.
In the IoT age, information is an increasingly valuable commodity. Many types of cyberattacks are all aimed at becoming data-rich. Some easy ways to avoid email and message attacks are:
Cyberattacks pose an ever-present, ever-evolving challenge to businesses and individuals. They often result in data breaches that cost companies millions of dollars in lost revenue each year and individuals with their identities compromised. As a result, implementing robust cyber data security strategies is more important than ever. Staying abreast of the more common types of cyberattacks—such as email, malware, trojans, smishing, and vishing—and practicing current data securities measures will go a long way in helping to safeguard your valuable data and information.
Adam Kimmel has nearly 20 years as a practicing engineer, R&D manager, and engineering content writer. He creates white papers, website copy, case studies, and blog posts in vertical markets including automotive, industrial/manufacturing, technology, and electronics. Adam has degrees in chemical and mechanical engineering and is the founder and principal at ASK Consulting Solutions, LLC, an engineering and technology content writing firm.
版权所有©2021 Mouser Electronics, Inc.
Mouser® 和 Mouser Electronics® 是 Mouser Electronics, Inc 的注册商标。