Cybersecurity in 2022 is being presented with a growing concern especially since the pandemic and remote working: Email attacks.

‘I hope this email finds you well…’ is a phrase that has become modern-day meme fodder everywhere on social media, especially when it comes on a Monday morning before your refreshing cup of morning tea or coffee. You would typically need a regroup and neatly gather your thoughts before responding and starting your day. 

According to Fortinet, approximately 300 billion emails are sent out every single day around the globe. Unfortunately, out of the legitimate ones that hope to find you well every day, some emails could be cyber threats in one way or another. 

Now that we are well into 2022, we can still get an odd email from a lost, stranded prince who needs you to wire money to him so he can go home and hopefully refund it to you.  

Email Threats You Should Watch out for in 2022 

With email security, it’s good to know how to protect yourself in the unfortunate circumstance that this ever happens. The first step is understanding the process and drivers behind malicious emails.   

Social engineering is a tactic used by malicious actors like the ‘lost and stranded prince’ to gain your trust and exploit it for monetary gain, with the medium of choice being casting a wide phishing net through emails. They prey on your curiosity and confidence. It can threaten your business as attackers may also use ransomware as a malicious tactic to extort you to return access to your sensitive data and systems. The goal is not to get to that point!  

When it comes to email cybersecurity threats to personal and even corporate email addresses, social engineering manifests itself in the following ways:   

1. Phishing: Attackers use email, social media, or SMS to trick victims into divulging sensitive information or directing them to a malicious website to infect your device. They leverage your curiosity. The target in mind is any specific curious end-user.  
2. Spear phishing: In this tactic, attackers use research and email as a medium to trick specific members of an organization or particular end-users into giving sensitive information or directing them to a malicious website to infect devices. It is a phishing scam but a well-researched and targeted one.  
3. CEO Fraud: This is when an attacker impersonates the CEO of an organization through spoofing and usually targets the finance department in the same organization. The goal here is to secure a wire transfer.   
4. Whaling: A whaling attack uses sophisticated social engineering techniques to steal confidential or personal data with a financial motivation. The targets are typically executive or heads of government agencies.   
5. Business Email Compromise: This is where attackers pose as suppliers and target finance departments in a company, primarily when they typically conduct wire transfers.   

These threats may use a technique called Domain Spoofing, where they trick the recipient using domains that may appear to look trustworthy. The end goal is to get information and squeeze money out of their victim.

Now that we know the different forms of email threats, this is how you can minimize the chances of you being a victim:  

1. Be vigilant. Anyone sending you suspicious emails claiming to be a person of high status, asking you to send them money, or even expressing a personal interest in you can be a cyber threat. Report the email as spam and permanently delete your spam folder as well.   
2. Always check the email address and do your due diligence by researching the company before responding with any personal information.  
3. Hover over hyperlinks before clicking. It is where you can spot inconsistencies and assess the legitimacy of the domain.  
4. Suppose the unfamiliar email comes with emojis or grammatical errors. Back away from it. It is a suspicious email.   
5. Configure your email addresses not to download graphic images and do not download attachments from unfamiliar email addresses.  
6. Your passwords need to be strong, pass phrased, and never re-used. Also, make a point of setting up a multi-step authenticator as an extra layer of security.  
7. Lastly, always follow the cybersecurity rules at work. When in doubt, shout it out. It’s better to be safe than sorry. Here is some more information on teamwork regarding cybersecurity. 

Your email is your primary form of official communication, sensitive information is shared, and it needs a strategy to ensure it’s secure. A little more knowledge and support can make all the difference to that email finally finding you well permanently! Your email is your primary form of official communication, sensitive information is shared, and it needs a strategy to ensure it’s secure.

Reach out to us here, and we will help you with that. A little more knowledge and support can make all the difference to that email finally finding you well permanently!