One in every two emails is spam!
Every day people receive spam emails, but this barely scratches the surface when it comes to the big picture of email security. Spam currently accounts for every other email sent. That’s 50% of all emails, and current numbers are the lowest that they have been in a long time.
The reason for the huge volume is that spam and phishing emails work. We all receive plenty of emails that we immediately know are spam, but we are also seeing significant numbers of emails that are a lot more deceptive. Even those well versed in email security can find themselves mistakenly clicking on a link and suffering the consequences.
What are the most likely threats?
Because spamming has been so successful, there is a whole range of ways that bad actors utilize these tools. Over recent years the majority of spam emails were nuisance emails selling pharmaceuticals, for which there was a surprisingly large market.
Unfortunately, there are also a number of threats to the security of your information that use phishing techniques, i.e. emails that trick you into doing something by appearing to be from a legitimate source.
Some phishing emails will install malicious software on your device which can perform a range of tasks, from mining for crypto-currency (utilizing the power of thousands of infected PCs to make the bad actors money) through to accessing your microphone and webcam without your knowledge and invading your privacy. They do this by embedding the software in a link or attachment; when you click on it, the malicious software installs.
One of the most destructive threats that we have seen over recent years has been ransomware, which holds your files hostage using encryption techniques that are unbreakable until you pay a ransom. Unfortunately, organisations and individuals alike have fallen foul of this and lost their files, their money or in some cases both.
We have recently seen an increase in a convincing Microsoft Office 365 email that asks the receiver to confirm their username and password. Once they type them in, those details are stolen and the bad actor uses the compromised account to email the individual’s colleagues, asking them to make a large payment.
What do I need to look out for?
In some cases, an email may be easy to identify as spam as it may not read well, may contain spelling mistakes or may not feel right.
In other cases, it may be very realistic. I am always wary of emails from my bank and companies like Amazon, Microsoft or other large companies, as scammers know they will get a large number of hits due to the number of customers who access these sites. If there are any messages from these sites, I will type in their web address and log in to my account rather than clicking any attachment or link in the email.
For more personalised attacks, you may receive an email from a friend that doesn’t quite seem right. Be especially cautious if they are asking you to transfer money, as their account may have been hacked.
If you are ever unsure of an email, you can hover over the sender’s name to see what email address it actually came from. Some phishing emails will have a display name that says it came from one person, but the email address will be completely unrelated.
If you are ever unsure, err on the side of caution: call the sender to check, or ask your IT team to review the email and give you their expert opinion.
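The display-name check described above can also be automated by an IT team reviewing a reported email. The following is an added example, not part of the original article; the brand-to-domain map and the sample From headers are constructed assumptions for illustration.

```python
import re
from email.utils import parseaddr

# Assumed brand-to-domain map for illustration; maintain your own list in practice.
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk"},
    "microsoft": {"microsoft.com", "office.com"},
}
# Finds an email address written inside the display name and captures its domain.
EMAIL_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_matches(domain, allowed):
    """True if domain equals, or is a subdomain of, any allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from_header(from_header):
    """Return the reasons a From header looks deceptive (empty list if none)."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    reasons = []
    # Case 1: the display name shows an email address from a different domain.
    shown = EMAIL_IN_NAME.search(name)
    if shown and shown.group(1).lower() != domain:
        reasons.append(f"display name shows {shown.group(1).lower()} "
                       f"but sender domain is {domain}")
    # Case 2: the display name uses a brand the sender domain does not belong to.
    for brand, allowed in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", name, re.IGNORECASE) \
                and not domain_matches(domain, allowed):
            reasons.append(f"display name mentions {brand} "
                           f"but sender domain is {domain}")
    return reasons

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"Amazon Support" <billing@amaz0n-secure.example>',
    '"jane.doe@partner.example" <x9@mailer.example>',
    '"Microsoft account team" <noreply@accountprotection.microsoft.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from_header(header) or "no mismatch found")
```

A clean result only means the display name and address agree; it says nothing about a message sent from a genuinely compromised account, so the advice to call the sender still applies.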
What happens if I click on a link or open an attachment?
The reality is that most people will get caught out at some point, especially as these attacks are more advanced and realistic than ever.
If you have clicked on a link, the best thing to do is to contact the IT Service Desk as a matter of urgency. They will be able to take the necessary steps to resolve the issue.
If nothing happens, don’t assume that all is OK; the actions will often be taking place in the background.
Other key considerations are ensuring that you always have an up-to-date backup of your files and changing your password if you just typed it in but are now dubious about whether you should have.
Remember to stay vigilant and don’t open anything that you are unsure about.
Author: Andrew Coyle, GDPR, Information Governance and Security Manager at Smartdesc Ltd