Think your users would never fall for an email scam? Think again.

According to Verizon’s Data Breach Investigation Report for 2017, two-thirds of cybersecurity breaches are caused by malware installed by malicious email attachments, and 43 percent of those attacks happen when hackers successfully utilize social-engineering tactics to breach company security.

“Confidential information in the organization needs to be kept safe,” I told an engaged audience at the recent Cyber in Business conference 2017 in Melbourne. “So when thinking about securing the perimeter, it’s about securing the data and personal data as well.”

The session included a live demonstration of how a hacker might go about gathering data about an employee of a target organization – showing just how easy it is to win the trust of users by email and get them to click on and execute the attachment of a convincingly worded email, which would infiltrate the company network and give hackers direct access to all of that company’s data.

‘Sure’, you say. ‘My users would never fall for that’.

Every company wants to believe its users would never knowingly fall for the tricks they receive in malicious emails – but breaches are still happening every day. And it’s understandable: although many malicious email campaigns are still run as ‘spray-and-pray’ exercises – often hastily assembled emails, with poor spelling and little personalization, that are sent to massive numbers of recipients – online criminals have also become better at hiding their intentions in highly detailed, convincing ‘low and slow’ messages.

Spray-and-pray attacks typically emulate the billing emails sent by large and well-known utility companies, banks, or government agencies with which most recipients are likely to have some dealings. By including convincing designs and real logos, then lacing those emails with URLs that point to malware-ridden websites, attackers can install their malicious code if even one user follows the instructions in the email.

Little wonder high-profile businesses are filling out their cybersecurity defenses and turning the tables on cybercriminals – who are using a steady stream of attacks to target email systems containing more confidential, business-critical information than ever.
