Email has been a primary tool for official communications between individuals and companies since its inception in 1971. The importance of email in personal and professional contexts cannot be overemphasized, and the numbers show it:
• On average, people exchange 126 business emails per day. (Source: Radicati Group)
• People check their work emails 172 minutes a day. (Source: Statista)
• 62.86% of business professionals prefer to communicate by email. (Source: Drag App)
• 124.5 billion work emails are sent and received every day. (Source: Radicati Group)
• Professionals check their emails an average of 15 times a day. (Source: Harvard Business Review)
These statistics show that email is an essential tool that individuals and businesses rely on heavily. However, when left unprotected or unsecured, it can be weaponised by cybercriminals to cause damage. Attackers can exploit your email account for their own purposes if it is not properly protected.
Phishing is a frequent cyber attack that targets people via email, text messages, phone calls, and other communication methods. Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent daily. Other statistics featuring email threats include:
• Around 36% of all data breaches involve phishing. (Source: Verizon’s 2022 report)
• More than 90% of cyber-attacks start with an email message.
• Almost 1.2% of all emails sent are malicious, amounting to approximately 3.4 billion phishing emails each day.
• Over 75% of cyber-attacks start with someone opening a malicious email.
• 91% of all attacks begin with a phishing email to an unsuspecting victim.
Common Email Security Threats
- Email phishing
Email phishing is a cyber-attack technique where attackers pose as trusted entities, like banks, service providers, or even colleagues, to trick individuals into sharing sensitive information or downloading malicious software.
As already stated, phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day. This is alarming and a major threat to email security. You may become a victim of a phishing attack once you, knowingly or unknowingly, click a malicious link or open a malicious attachment delivered via email (or visit the malicious website itself) and your sensitive data gets stolen.
- Malware and Ransomware
According to the Microsoft Digital Defense Report, 775 million email messages contained malware from July 2023 to June 2024. Malware is malicious software designed by cybercriminals to harm or destroy computers and computer systems.
Attackers mostly rely on email to distribute malware wrapped in the email message in the form of attachments or embedded links.
Ransomware, on the other hand, is a form of malware that locks a victim's computer system or encrypts a victim's data or files, denying access to them until a ransom is paid. Email is a primary channel for launching ransomware attacks. Approximately 94% of malware, including ransomware, is delivered via email, often disguised as legitimate attachments or links.
- Business Email Compromise (BEC)
BEC involves attackers gaining unauthorized access to a company's email account, or impersonating a legitimate identity, in order to deceive. According to the 2021 IC3 report, “BEC is responsible for $2.4 billion in adjusted losses in 2021 and a 556% increase since 2016.”
According to Gatefy, nearly 94% of malware infiltrations occur through email, often leading to significant incidents such as ransomware attacks that paralyze businesses and demand payment to release data.
- Spam and Spoofing
Spam emails are unwanted messages sent in bulk as a result of email subscriptions. While spam emails may generally be benign, a substantial number contain malicious links or attachments designed to infect systems with malware, spyware, or ransomware. 160 billion spam emails are sent every day, meaning 46% of the 347 billion emails sent daily are considered spam (numbers recorded for 2023; Source: Emailtooltester).
Spoofing is what will lure you into revealing sensitive data to a person you thought was legitimate. In the context of email spoofing, attackers falsify the “From” address or create a similar one to gain your trust. 3.1 billion domain spoofing emails are sent per day. Email spoofing and phishing have had a worldwide impact costing an estimated $26 billion since 2016. (Source: Proofpoint)
Common Best Practices for Email Security
- Use strong passwords
Strong, complex passwords are difficult to guess and make your email account more secure. Don't just create strong passwords; make sure you update them regularly as well.
- Enable Multi-Factor Authentication (MFA)
Enabling multi-factor authentication adds another layer to your email security and safeguards against unauthorized access.
- Employee education
Investing in employee education creates awareness of phishing scams and helps staff identify suspicious links and attachments, which can go a long way to safeguard your business.
- Regular Software Updates
Regularly updating email clients and security software helps to protect against unknown vulnerabilities and exploits.
- Use Email Encryption
Use email encryption to protect sensitive information in transit from being intercepted and altered, ensuring the right message gets to the right recipients.
Technical Security Solutions for Email Protection
- Email Security Software
Email security software provides tools for scanning incoming emails for malware, phishing links, and suspicious attachments, which can reduce your chances of becoming a victim.
- Spam Filters and Blacklisting
Spam filters block unsolicited and harmful emails by analyzing the content of email messages for patterns. Blacklisting blocks email messages sent from malicious sources.
- Domain-based Message Authentication, Reporting & Conformance (DMARC)
DMARC, along with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), helps authenticate the sender’s domain to stop email spoofing and unauthorized use in phishing attacks.