In 2020, we saw a global switch to a remote workstyle. Some industries managed to adapt in the blink of an eye, while others struggled to implement all the necessary changes and keep up with the new rhythm.
However, there is one thing both these categories have in common - the increased risk to their email security.
As businesses came to rely more on cloud email, cybercriminals became more persistent in breaking through defenses to gain access to valuable financial information or install ransomware. According to the Phishing and Fraud Report 2020, the number of phishing attacks grew by 220% at the pandemic's peak. Scammers and phishers made it clear that they don't care about ethics and would gladly exploit any vulnerabilities in your network.
Resisting their plans and schemes is a group effort. While email service providers and internet service providers work on additional measures for intercepting and penalizing cybercriminals, users worldwide must stay aware of the latest tricks phishers and fraudsters use to slither past the mailbox's defenses.
This blog post will help you do your part and be more aware of the modern dangers that threaten your email data.
Ransomware as a Service (RaaS) is the latest and most obnoxious security challenge that organizations have been dealing with since 2020. It works exactly as it sounds: a group of malicious actors with a knack for creating ransomware sell their programs to far less skilled cybercriminals, letting thousands of ill-intentioned people without any technical background commit cyber extortion. So, you can already see the problem: RaaS made it much easier to spread chaos and launch malicious campaigns. Around two-thirds of ransomware attacks were attributed to RaaS in 2020. By 2021, the appetites of RaaS-using crooks had grown even larger: they went for more expensive ransoms and continued to compromise organizations.
Much like with any ransomware, the best defense against programs designed to assault your network and steal your data is proactivity.
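The important rule of data backup is to never use the same cloud service or media for storing your copies. Doing so defeats the entire purpose of the 3-2-1 strategy, which calls for three copies of your data on two different types of media, with one copy kept off-site.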
While not new, CEO fraud phishing has been on the rise since 2020. This method relies on impersonating a company's C-level executive to steal login data, business data, or even corporate funds.
CEO fraud phishing works the following way: a user gets a message that was allegedly sent by a credible person at their workplace, such as their CEO, chief marketing officer, or chief financial officer. The message asks the user to help with a work-related transaction, such as a wire transfer to a vendor. Of course, there is no vendor, and the company's funds get sent to the fraudster's account.
CEO fraud phishing is also used to obtain private employee information and sensitive company data by targeting HR managers and IT teams.
CEO fraud is usually committed either by using a compromised email account of a C-level executive or by creating a fake domain that mimics the official's name. On average, each CEO fraud incident cost a company around $75,000, while the reported loss for businesses that suffered from this impersonation scam between 2016 and 2019 was $26 billion.
The popularity of Google Workspace, Office 365, and other cloud platforms became a double-edged sword for many businesses. While these services are of great help when building a network and communicating with in-office and remotely working teams, they lack security, making businesses more open to all kinds of digital threats.
We're talking about malicious hackers gaining access to the private information of your employees, stealing login credentials, or manipulating your staff via social engineering and brand impersonation. For example, they obtain the list of companies you are trying to reach and pretend to be them to get you to open an email or download an attachment.
Cyberthreats became more sophisticated and, to everybody's horror, more mainstream. With the appearance of RaaS, the number of ransomware attacks is guaranteed to increase within a short time. Meanwhile, networks became less stable due to mass migration to platforms and adjusting to the new norm.
Nowadays, it's imperative not to make phishers and ransomware senders feel at home or give in to their appetites. Instead, every legitimate sender and business owner must work on their defenses and stand their ground.
To close this post off, we'd also like to remind you that many modern security solutions authenticate the sender by checking both DNS records and public records. The more authentication protocols you have, the harder it is for phishers to compromise your mailbox.
Dedicate some time to ensuring that all your email authentication protocols are in place and contain accurate information about your domain. Don't know how to check your settings? Folderly can run a quick test of your domain and notify you if there is a problem with your DNS settings.