The Art of the Steal: How Fraudsters Are Exploiting Email

People have been finding ways to rip each other off for centuries — historians say the first documented case of financial fraud occurred in ancient Greece around 300 B.C. It is no surprise that fraudsters in 2020 are using the global pandemic to hoodwink victims on a massive scale.

Increases in remote working due to the pandemic have amplified the risks businesses face from a variety of email-borne threats. Interpol, the FBI and other law enforcement agencies all report record levels of ransomware, phishing and impersonation attacks designed to exploit lax security practices by home-based employees.

Such crimes are costing the global economy $2.9 million every minute, according to the latest version of RiskIQ’s “Evil Internet Minute” security intelligence report. The report further says that new threats are emerging at the rate of 375 per minute, with 35 pandemic-related spam emails being analyzed every minute.

A separate study conducted by the Vanson Bourne research firm finds that organizations are largely pessimistic about their ability to stem the tide of such attacks. In the global survey of 1,025 IT decision makers, 60 percent said they believe it is inevitable or likely they will suffer from an email-borne attack in the coming year.

Email Spoofing on the Rise

Respondents note they are experiencing rising numbers of spoofed emails that use a forged email header to make it seem as though the message is originating from a legitimate source. Analysts say scammers are sending more than 3 billion domain spoofing emails every day, and that 96 percent of all phishing attacks are carried out via email spoofing.

This form of digital forgery is possible because the Simple Mail Transfer Protocol (SMTP) — the standard protocol for sending emails across the Internet — does not provide a mechanism for address authentication. Although there are address authentication protocols and mechanisms that can help battle email spoofing, they typically require complex configurations that are likely beyond the skill level of the average remote worker.

Working with a managed services provider such as Verteks is a good way to offload that complexity. We have the staff and expertise to implement a variety of email defense mechanisms that contribute to a layered security posture. For example, we help clients augment basic security measures such as antivirus, antispam and other signature-based methods with additional protection mechanisms such as:

  • Domain-based Message Authentication, Reporting and Conformance (DMARC). This email authentication protocol helps identify spoofed email messages and notifies email servers to delete those messages upon receipt, keeping them out of inboxes and preventing their propagation.
  • Secure messaging gateways. These are essentially email firewalls. Deployed as either hardware or software, gateways analyze emails against dynamic databases of blacklisted URLs, flagged keywords and other characteristics, and then block or quarantine suspicious messages before they are delivered to their intended recipient.
  • Data Loss Prevention. DLP solutions scan email headers, body content and attachments to enforce a range of best-practice security measures. They can prevent sensitive information from leaving the company by email, and prevent unauthorized users from downloading or copying data onto USB devices or other unsecured endpoints.

Email has been a great business tool for decades, but fraudsters are continually finding new ways to exploit the communication medium to bamboozle people into giving up money, data or access. Give us a call to discuss ways to improve your email security and reduce the threat to your remote workforce.