After examining half a billion emails sent between January and June, researchers at FireEye revealed that an alarming one out of every 101 emails are malicious, but it’s not just malware that you should be looking out for. While malicious emails can either contain a link to convince you to download harmful software onto your system, attackers can also deceive you into divulging sensitive information through phishing scams.
In fact, 10 percent of all malicious emails sent today contain viruses, worms, ransomware, trojans, spyware, or adware. These emails are classified as malware. However, most emails — an overwhelming 90 percent — are based on social engineering scams, such as spear phishing, impersonation, credential harvesting, or other schemes. The number of non-malware scams has increased by 65 percent year-over-year.
The shift in attack strategy has been largely driven by the adoption of mobile devices. Because most people check their emails on their phones, it’s harder to send a virus that way and attackers are changing their strategy. “With email security solutions focused on detecting malware, cybercriminals are adapting their attacks, exposing organizations to malware-less assaults such as CEO fraud,” FireEye reported.
Researchers noted that it’s easier for hackers to trick their victims into thinking they’re communicating with someone they know with CEO fraud and spear phishing campaigns because “most mobile email clients display only the sender’s name — and not an email address.” By using social engineering, these types of attacks are much easier to carry out against victims using mobile devices. Hackers no longer have to spoof an entire domain name — instead, all they need to do is convince you that you’re communicating with a trusted person, like a boss or CEO, by faking the name displayed in the header of the message.
Though phishing campaigns have been on the rise worldwide, these types of attacks have gained a lot of publicity in the United States since the 2016 presidential election. It’s been reported that a successful phishing attempt gave Russian hackers to approximately 60,000 emails belonging to John Podesta, the campaign chairman of Hillary Clinton. The tactic was also used to breach the network of Sony Picture Entertainment in a highly publicized hack in 2014.
FireEye claims that email is the most popular vector for cyber attacks, and that “91 percent of cybercrime starts with email.”