Email-based cyber attacks have become common these days. I am not the only one receiving emails saying that the file in the attachment contains data that I might be interested in knowing. Social engineering has become one of the major tools attackers use to lure targets into opening links or attachments.
A report by Proofpoint titled “The Human Factor 2019 Report” analyzes how email attacks rely on human interaction rather than automated exploits. Based on data obtained by screening 1 billion messages per day over 18 months, the report concludes that more than 99% of the attacks require human interaction to succeed.
Persuasive social engineering makes it difficult to distinguish a fraud email from a genuine one. Most attacks structure an email so that it appears to come from a trusted source like Google, Microsoft, or a known contact.
The report also mentions that hackers tend to imitate the business routines of organizations to fool employees working there.
Other key conclusions found in the report include:
- People who are frequently targeted by fraud emails are, usually, not high-profile individuals or VIPs. These are discovered identities or “targets of opportunities” for attackers.
- Domain fraud — registering a domain name that looks similar to popular brands to trick users — lends a sense of legitimacy to a socially engineered fraud email.
- Social engineering is extensively used in credential phishing, sextortion scams, and business email compromise (BEC).
Malicious actors prepare email attacks in a way that makes it difficult to distinguish a spam mail from a genuine one. However, you can identify a potentially malicious mail by checking its domain name. You should also avoid clicking on unknown links.
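One way to automate the domain-name check, as an added example that is not from the report or the original article: it classifies the sender domain of a From: header as trusted, lookalike, or unknown. The allow-list, the character-swap table, and all function names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: an allow-list of domains the organisation really corresponds with.
TRUSTED_DOMAINS = {"google.com", "microsoft.com"}

# Digit-for-letter swaps used to imitate brand names (constructed, not exhaustive).
SWAPS = str.maketrans("0135", "oles")

def sender_domain(from_header):
    """Domain of the address in a From: header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def skeleton(domain):
    """Fold look-alike characters so 'g00gle' and 'google' compare equal."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header):
    """Return (verdict, trusted domain it matches or imitates)."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", trusted)
    folded = skeleton(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        # Near-identical spelling, or the brand used as a label of another domain.
        if edit_distance(folded, skeleton(trusted)) <= 1 or brand in re.split(r"[.-]", folded):
            return ("lookalike", trusted)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From: headers, not taken from the report.
    for header in ['"Google Security" <alerts@g00gle.com>', "no-reply@accounts.google.com",
                   "Microsoft <no-reply@rnicrosoft.com>", "billing@google.com.account-verify.example"]:
        print(header, "->", classify(header))
```

A "lookalike" verdict is a reason to inspect the message before acting on it; an "unknown" verdict only means the domain is not on the allow-list.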
Have you witnessed and escaped an email attack? Tell us in the comments.