May 26, 2015

Secure Email? What Employees Need to Know About Strange Internal Emails

‘Gone phishing’ is a hugely popular pastime for cyber criminals - and the reason why all organizations should have email security best practices in place.

Cyber criminals are constantly phishing for information in order to steal credentials and identities or put malware on a system, and they send emails to both personal and company email addresses.

There were 46,747 phishing attacks alone in December, up 24% from November, according to the 2014 Cybercrime Roundup from RSA.

The Anti-Phishing Working Group reported over 20 million new malware samples – over 227,000 new malicious files every day – in the third quarter of 2014.

What are current phishing email trends?

  • There’s an ‘emergency’. The Better Business Bureau says scammers rely on emotion to get someone to make a quick decision about responding. A ‘You’re Under Investigation’ email is trending, and there’s usually a negative consequence if the recipient doesn’t respond (such as blocking access to funds). Phishing emails may also use bait such as a tax refund or free prize.
  • The subject line reads ‘Internal ONLY’. Impersonating domain administrators is a current tactic, according to this net-security.org article. Recipients are asked to follow a link to an encrypted message. Sometimes the URL leading to the file contains the domain used in the recipient’s email address – which makes it look official.
  • The recipient has to click on a link or an attachment. A link in a phishing scam often connects to a website that requires personal information such as credit card account numbers or PINs; or clicking on the link or attachment allows malware onto the system.
  • The sender is unknown. It makes sense to be wary of any message from someone you don’t know. But a 2015 Software Advice report said 39% of employees still admit to opening emails that they suspect is fraudulent or might contain malware.
  • The email is from a ‘trusted’ source such as a social media friend. Cyber criminals source information on social media sites. Over-sharing personal and company information is one way company employees are helping criminals launch very successful and sophisticated attacks, said Joe Ferrara of Wombat Security Technologies, in a blog.
  • It’s first thing in the morning – or Friday afternoon. Based on attacker-send patterns, most phishing emails are sent between four and six in the morning and late in the afternoon, especially on Fridays when employees are rushing to leave.
  • Something’s not quite right. The name of the organization isn’t quite perfect, or there are grammar mistakes (many phishing emails originate in another country). The link address may be really long and may not include the actual organization website address.

To protect mail security and fight back, organizations need a comprehensive information security policy that includes spam-blocking and filtering on computers. There should be a BYOD policy that outlines safeguards (file encryption, for example). Regular security awareness and email compliance training is also important. The experts recommend interactive training focused on problem-solving.