It has been said that email is a cyber-criminal’s best friend. Email has become a very popular tool for hackers to go after their victims. If you think the days of the Nigerian Prince who is desperately seeking your help, and is willing to pay you $5,600,000 just for allowing him to use your bank account to transfer his family’s immense fortune into the USA, as long as you send him $5,000 to initiate the transaction, are over, you are sadly mistaken. The scheme just morphs into a slightly different one. Earlier this week I received an email from James Comey, Director of the FBI, advising me that the $10.3 million due me, which had been held up by international exchange problems, was now being released. All he needed was my banking information, including my ID and password. It came from the email address FBIDirectorCmey@usa.com. And, yes, Comey was spelled Cmey.
While this was an attempt to attack me personally, it is an example (OK, a poor one from the hacker’s point of view) of the many attempts that are made every day.
A technique that is harder to defend against is the email that appears to come from your very own bank, or your company’s bank, asking for verification of information for your own “protection.” It is a perfect copy of your bank’s email form, but it is not from them. Unfortunately, very smart people are still falling for this every day, including employees holding sensitive information at companies of all sizes.
Another target has become the business traveler. Spoofers set up travel sites dedicated to the business traveler, whose defenses may be somewhat diminished simply because travel tires you out, and when you’re tired, you make mistakes. Say you are in Cincinnati and need to book a car in Omaha. You mean to visit Expedia.com but instead type “expedia” into your browser, hit return, and Google rewards you with a whole list of choices. You click on rentalcars.expdia.com and reserve your car, giving your company’s credit card number, expiration date, and security code, and, voilà, just like that, the cyber-criminal has all your credit card information. He spends the next five minutes racking up thousands of dollars on your card, which no one will discover until the bill reaches your accounting office and someone reviews it. This may be weeks after the event. Criminals do the same thing with banking information, personal information, health care information, etc.
This can become particularly problematic when using cell phones. Many people are diligent about email security when setting up controls on their laptops and tablets, but smartphones are harder to protect, partially because the size of the content you are trying to read can be so small.
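A misspelled hostname like the rentalcars.expdia.com example above is easy to miss by eye, especially on a small screen, but simple to catch in a mail or web filter. The following sketch is an added example, not part of the original article; the allow-list, the function names, and the two-label rule for finding the registered domain are assumptions made for illustration.

```python
# Added example: flag hostnames that imitate a trusted domain.
# TRUSTED is a constructed allow-list; example-bank.com is a placeholder.
TRUSTED = {"expedia.com", "example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    # Assumption: the last two labels are the registered domain. Suffixes
    # such as co.uk need the Public Suffix List instead of this shortcut.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(host: str, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a hostname."""
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    name = domain.split(".")[0]
    decoy_labels = host.lower().rstrip(".").split(".")[:-2]
    for good in sorted(TRUSTED):
        good_name = good.split(".")[0]
        # Near-miss spelling, or the exact name under a different suffix
        # (distance 0 here can only mean the suffix differs).
        if edit_distance(name, good_name) <= max_distance:
            return f"lookalike:{good}"
        # Trusted name used as a decoy label in front of another domain.
        if good_name in decoy_labels:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    for h in ("www.expedia.com", "rentalcars.expdia.com", "example.org"):
        print(h, "->", classify(h))
```

A distance threshold of 1 keeps false positives low for long names; very short brand names need an exact allow-list rather than fuzzy matching.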
But one of the biggest problems is simply the fact that as soon as you protect yourself against one threat, another pops up in its place. One email security expert likened it to a game of Whack-a-Mole.
In a short article like this, we can only scratch the surface of the problem, but if you would like to learn more, including what you can do to protect your company, check out our white paper on Email Security.