Let’s face it: we spend far too much time each day dealing with email, especially in a business. It is then no surprise that the most prolific attack vector against a person or company is via email. So why don’t we have ways to stop this completely?
The simple answer is: human nature. Remember the old saying “curiosity killed the cat”? We’re curious by nature, so it’s understandable that we want to open that email with the subject line “Re: Invoice 3584” to see what they’re talking about. It’s also understandable that we would want to open that attachment claiming to be the invoice to see if it’s one of ours. There are tools available that try to weed out those emails before they ever reach us, but no tool is perfect. And the stricter a tool is at trying to weed out those emails, the more likely it is to block legitimate email as well. So that brings us to trying to change human nature.
How can we change human nature though? We can attempt it through education. We have all heard the common rules of thumb:
- don’t open an email from someone you don’t know
- don’t open attachments
- don’t click on links
- don’t answer requests for money
If we’ve all heard these, why is email still the most popular way to get hacked? The attackers are getting smarter. They’re skilled at making emails seem trustworthy, and they’re now finding ways to compromise the email accounts of people we trust so that they can send us emails that we wouldn’t think twice about answering. Tools can still help in trying to identify and block these, but education is still necessary to help us recognize these new, trickier emails.
To get started, visit our website here to download the Top Phishing Messages Q3 2018 infographic and the 5 Tips Awareness Sheet. Then read this story about two executives who fell victim to a type of email attack called CEO fraud. Finally, contact us here to learn how a combination of tools and user security awareness training can help combat the email-borne threat.