By the end of 2017, it is estimated there will be 4.9bn email accounts worldwide with business emails accounting for 929m mailboxes – a veritable hunting ground for cyber criminals and their carefully crafted fraudulent emails.
With the advent of email and the introduction of instant messaging services, it has become easier to contact those who were previously considered “unreachable”. Conversations and canvassing over the telephone, which have traditionally been the mainstay for many business operations, have become less frequent and the average email inbox is now littered with loquacious literature.
Of course, firing off an email into cyberspace is no guarantee you will reach the person you intend to get a response from. If anything, it’s the perfect excuse for him or her to ignore your correspondence. As inboxes become more flooded, people will naturally pick and choose on sight who to reply to, based on recognition and associated content. But has this meant we’ve become less likely to spot fraudulent emails?
The job of a cyber criminal has intensified over the past few years, requiring them to be increasingly sophisticated and clever in their approach. In the past, criminals relied on “flood them fast” email distribution, targeting numerous inboxes with spam notifications purporting to be from businesses such as banks.
Awareness campaigns from businesses have helped to tackle the issue, meaning many quick-thinking consumers have started to grow more savvy, refusing to click on unsolicited links.
As a result, cyber criminals have turned to social engineering and the support of realistic-looking spoof emails to dupe targets. These mimic everything from “links” to incredible deals on offer from well-known retailers to emails from trusted contacts, where the sender’s address has been so subtly adjusted it appears to be legitimate.
In fact, so accurate are these emails in appearance that it is calling into question whether correspondence from organisations dealing with sensitive data, such as governments, should be using email accounts at all, and whether a more secure method of communication should be adopted.
For example, the cyber attack on UK parliament, which resulted in the breach of dozens of inboxes, could have been an incredibly valuable hack for the cyber criminals involved. Highly sensitive content can be sold for a huge financial gain – and information in the wrong hands could cause worldwide catastrophe.
There is no outright answer to dealing with fraudulent emails and spoof spam. Cutting email out of the equation entirely is not realistic. Of course, fraudulent activity can be kept to a minimum and mitigated by adopting up-to-date software and implementing well-planned, comprehensive backup strategies.
However, human beings hold the key to unlocking the answers to the current cyber crime conundrum. Research by the Information Commissioner’s Office reported that 93 per cent of incidents investigated at the end of 2015 were caused by human error.
Clearly, as fraudsters become more adept at creating cunning ways to cut through the cyber psyche of their targets, spotting a spoof email will become nearly impossible. Nobody is immune.
Re-educating the workforce and raising awareness of the issues surrounding cyber crime are essential. Regular testing and “digital fire drills” for staff should be as much a part of a company’s strategy as their sales and marketing plans.
“Friendly phishing expeditions” – where staff are sent spoof emails at random to test their reactions – are one way of ensuring there are no chinks in your employees’ armour. Only then, once cyber crime awareness officially becomes part of company policy, will we gain some control over addressing the current vulnerabilities.
Daren Oliver is managing director of Fitzrovia IT, a London-based consultancy that provides cutting-edge IT solutions from across the globe.