Phishing and Email Fraud are Top Security Risks for Corporations
Email is essential for business, but it is also a top concern for security administrators who need to protect the internal network from data breaches and the loss of digital assets. With a combination of reconnaissance and social media, an attacker can build a list of likely victims and target them in an attempt to harvest credentials or deliver malware to a local machine. From there, the attacker can steal data or deploy ransomware that encrypts it and holds it hostage for a fee.
Study Shows that Email is a Critical Threat
A recent study polled 2,250 IT decision makers to find out what they considered the biggest threat to their network in 2018. 77% of those polled said their biggest fear was negligence and fraud arising from email attacks.
Email protection is a different problem from controlling web access. Most organizations already have systems that block known malicious sites: vendors sell filtering software backed by a regularly updated database of sites, categorized so that IT administrators can choose which categories to block. It is not foolproof, but it filters much of the content that could harm the corporate network.
Several vendors also offer email filters that block executables, attachments containing macros, or messages classified as spam. Even public webmail providers such as Gmail or Yahoo try to filter phishing email into a spam folder. For corporate email, quarantining a message in a spam folder is not enough: many employees will still fall for the scam by opening the spam folder, reading the message and running the attachment. Employee accounts are also more lucrative for criminals than personal ones.
Email Addresses are Easy for an Attacker to Find
For these reasons, attackers use email to trick unwary users into entering their credentials or running malicious software. They scour social media for key personnel to target. LinkedIn is especially useful because it is widely used and people list their entire work history, current employer and job title on their profiles; their connections are often visible to anyone who wants to go through the list and find other employees to target.
With a list of key personnel (usually those with higher-level access than other users), the attacker emails or phones the targets. In many cases the attacker gains access to the network with an email containing a link to a site that imitates an official vendor or the company itself. The user enters a username and password, and the fake site forwards the credentials to the attacker.
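The lure described above is usually visible in the message itself: the link's displayed text names one site while the href points at another, the host is a near-miss of a real domain, or the host contains a company's name under a stranger's registrable domain. The following is an added example written for this article, not GateKeeper's code or any vendor's filter; it inspects a constructed sample message using only the Python standard library. The `PROTECTED_DOMAINS` list, the sample hosts and the message body are all hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical: domains this organisation's users legitimately sign in to.
PROTECTED_DOMAINS = ["microsoft.com", "office.com", "examplecorp.com"]

# Constructed sample message body; the hosts are invented for the example.
SAMPLE_EMAIL = """
<p>Your password expires today. Reset it here:
<a href="http://login.micros0ft.com/reset">https://login.microsoft.com/reset</a></p>
<p>Questions? Contact the <a href="https://support.examplecorp.com/help">Help desk</a>.</p>
<p><a href="http://examplecorp.com.account-verify.net/sso">Sign in to ExampleCorp</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host. Deliberately crude: no public-suffix list, so
    'example.co.uk' would come out as 'co.uk'; fine for the sample domains here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats such as micros0ft."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_link(href, text):
    """Return the list of reasons this link looks like a credential-phishing lure."""
    reasons = []
    host = (urlparse(href).hostname or "").lower()
    if not host:
        return reasons
    reg = registrable_domain(host)
    # 1. Visible text is a URL for one site while the real target is another.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != reg:
        reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
    # 2. Internationalised labels (punycode) are how homograph domains are encoded.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append(f"punycode in host {host}")
    # 3. Lookalike of a protected domain: the brand name appears in the host but the
    #    registrable domain is someone else's, or it is within two edits of the real one.
    for good in PROTECTED_DOMAINS:
        if reg == good:
            continue
        brand = good.split(".")[0]
        if brand in host or edit_distance(reg, good) <= 2:
            reasons.append(f"{host} resembles protected domain {good}")
    return reasons


def scan_email(html):
    """Return [(href, reasons)] for every link in the body that raised at least one reason."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = analyze_link(href, text)
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

On the sample body the first and third links are flagged and the help-desk link is not. The brand-substring rule is intentionally aggressive and will also fire on legitimate partner or marketing domains, so in practice it sits behind an allowlist rather than blocking on its own.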
Some users realize their mistake when the fake site returns an error after they submit, but others do not notice anything until their account has been compromised. Security administrators must be able to determine that such a compromise has happened, which means monitoring user access. Some attackers wait until after hours to log in to avoid detection, but not always. The network administrator and security team must place intrusion detection systems on the network to determine when an attacker is active on it.
Detecting these attacks is difficult because the attacker is logging in with valid credentials; it is quite different from spotting unusual traffic patterns or repeated failed login attempts. Staff should also be trained on social engineering techniques, because an attacker will often simply call and talk the victim into giving up credentials over the phone.
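Because the password is valid, failed-login counters never fire; what remains is the context of the successful login, namely where it came from and when. The following is an added example, not code from the article or from GateKeeper: it builds a per-user baseline of source networks and working hours from a known-good period of authentication logs, then flags later successful logins that fall outside it. The log format is a simplified constructed `key=value` layout (not any real product's), and all users and addresses are invented.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_network

# Constructed log lines in a simplified key=value format (not a real product's format).
BASELINE_LINES = [
    "2018-05-07T08:02:11Z user=jdoe result=success src=10.20.30.41",
    "2018-05-08T12:30:45Z user=jdoe result=success src=10.20.30.41",
    "2018-05-09T17:45:02Z user=jdoe result=success src=10.20.30.43",
    "2018-05-07T09:15:00Z user=asmith result=success src=10.20.31.5",
    "2018-05-10T18:05:30Z user=asmith result=success src=10.20.31.9",
]
RECENT_LINES = [
    "2018-05-14T09:05:00Z user=jdoe result=success src=10.20.30.44",
    "2018-05-14T12:10:00Z user=asmith result=failure src=198.51.100.9",
    "2018-05-14T12:11:00Z user=asmith result=success src=10.20.31.7",
    "2018-05-14T23:41:17Z user=jdoe result=success src=203.0.113.57",
    "this line is malformed and is skipped",
]

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) user=(?P<user>\S+) "
    r"result=(?P<result>success|failure) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "result": m["result"], "src": m["src"]}


def source_network(ip):
    """Summarise an address to its /24 so a DHCP lease change does not look like a new location."""
    return ip_network(f"{ip}/24", strict=False)


def build_baseline(lines):
    """Per user: hours of day and /24 networks seen in successful logins during a known-good period."""
    baseline = defaultdict(lambda: {"hours": set(), "nets": set()})
    for event in filter(None, map(parse_line, lines)):
        if event["result"] == "success":
            baseline[event["user"]]["hours"].add(event["ts"].hour)
            baseline[event["user"]]["nets"].add(source_network(event["src"]))
    return baseline


def off_hours(hour, usual_hours, slack=1):
    """True if `hour` falls outside the user's observed window, widened by `slack` hours each side.
    Assumes daytime workers: a window that wraps past midnight is not modelled here."""
    return not (min(usual_hours) - slack <= hour <= max(usual_hours) + slack)


def find_suspicious_logins(baseline_lines, recent_lines):
    """Flag successful logins that do not fit the user's baseline. Failures are ignored on purpose:
    the attacker already has a working password, so the signal is where and when it succeeds."""
    baseline = build_baseline(baseline_lines)
    alerts = []
    for event in filter(None, map(parse_line, recent_lines)):
        if event["result"] != "success":
            continue
        profile = baseline.get(event["user"])
        reasons = []
        if profile is None:
            reasons.append("no baseline for this user")
        else:
            net = source_network(event["src"])
            if net not in profile["nets"]:
                reasons.append(f"first login from network {net}")
            if off_hours(event["ts"].hour, profile["hours"]):
                reasons.append(f"login at {event['ts']:%H:%M} UTC, outside usual hours")
        if reasons:
            alerts.append({"ts": event["ts"].isoformat(), "user": event["user"],
                           "src": event["src"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_logins(BASELINE_LINES, RECENT_LINES):
        print(alert["ts"], alert["user"], alert["src"], "; ".join(alert["reasons"]))
```

Run against the sample data, only jdoe's 23:41 login from 203.0.113.57 is flagged, with both a new-network and an off-hours reason; the daytime logins from the office ranges pass. A real baseline needs weeks of data and a per-user window rather than a global one, and the off-hours rule must be relaxed for shift workers and travellers, which is exactly why this kind of alert is a trigger for investigation rather than an automatic block.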
GateKeeper stops some social engineering attacks, particularly those that involve access to the physical machine and to websites.