With a heightened level of deception and manipulation involved in these attacks, email security requires a zero-trust approach.
The widespread use of email provides cyber criminals with cheap and efficient means of targeting victims for fraud. Whether by “spoofing” email accounts or breaching business partners’ email systems, cyber criminals continue to successfully deploy social engineering schemes, catching even well-intentioned employees with deceitful emails. These schemes often succeed despite a high level of publicity because employees trust and accept unsecured email without taking the necessary steps to verify a message’s source and content, even when it involves electronic payment instructions.
Guarding Social Engineering Fraud: Re-examining a Global Problem breaks down some of the more common social engineering fraud schemes and how to prevent them.
Even with protections put in place by internal IT departments or outside partners, email remains an unsecured and unreliable technology capable of being hacked, altered and manipulated. An increase in working from home over less-secure Wi-Fi networks and an uptick in the use of e-commerce and electronic transactions have created a busy environment for cyber criminals to exploit email for fraudulent activities.