Whether you’ve been the victim of a data breach yourself or seem to spend a disproportionate amount of your time checking whether emails claiming to be from “PayPal” or promising you a tax refund are legit, the chances are you’re aware of phishing.
It isn’t just consumers, either. Businesses are also regularly targeted by cybercriminals looking to steal data, cash, or other assets.
But why do cybercriminals use email?
1. Email offers many opportunities to do bad things
Think about everything you can do with emails.
- You can share and embed links to other pages.
- You can share videos and even embed them in your email.
- You can attach and embed images.
- You can attach various file types.
These are all everyday occurrences to many of us, which is why cybercriminals find email so attractive. They can send you an email including links and attachments, and often even just clicking on them can lead to malware downloading onto your device, which then acts as a gateway for criminals to steal your data.
Another significant opportunity email provides is how easy it is to target you. Cybercriminals can land right in your inbox by sending you an email. They don’t need to worry about getting around your antivirus software or network filter. If your email provider doesn’t pick up a spam or risky email, it is job done for the criminals.
Furthermore, email addresses are easy to come by. Given how widespread data breaches are, criminals can usually get a list of email addresses from a public forum on the dark web in a matter of minutes. Some disreputable email providers might even give them out at no cost! In addition, business emails are often freely available online, which is why it’s so easy for criminals to target businesses.
2. It’s easy to disguise emails
It’s scary how easy it is to disguise an email.
The way many email software platforms are set up, it’s often possible to send emails posing as any individual or business you want. Recently, it was even possible to send emails directly from Uber!
The most significant aspect of this is that it hides the identity of the criminals. Criminals rely on people seeing that an email is from “PayPal” or another familiar brand and not taking the time to look at who the sender really is or where the email originated from. Criminals take this a step further by making fraudulent websites that mimic the real thing, so unless you’re alert, you might never suspect that the email isn’t really from PayPal or that the link in it leads to a dummy PayPal site.
It’s also increasingly common for criminals to pose as someone you know – easy if your contacts data has already been hacked or your Facebook contacts are publicly available – and ask you to send cash or share other sensitive data.
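The check described above, looking past the display name to who the sender really is, can be automated. The following is an added example, not code from the original article; the brand-to-domain map, the warning labels and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a defender-maintained map of brand keywords to the domains
# those brands really send from (the two entries here are illustrative).
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "uber": {"uber.com"}}

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def in_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_warnings(raw_message):
    """List reasons the visible sender may not be who it claims to be."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    warnings = []
    # A familiar brand in the display name, but an unrelated address domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name.lower() and not in_allowed(from_domain, allowed):
            warnings.append(f"brand-mismatch:{brand}:{from_domain}")
    # Replies silently routed to a different domain than the visible sender.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"reply-to-mismatch:{reply_domain}")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "PayPal Support" <service@paypal.com.billing.example>\n'
           'Subject: Confirm your account\n\nClick the link below.\n')
GENUINE = ('From: "PayPal" <service@mail.paypal.com>\n'
           'Subject: Receipt\n\nThanks.\n')
CONTACT = ('From: "Alice Smith" <alice@example.org>\n'
           'Reply-To: alice.smith@freemail.example\n'
           'Subject: Quick favour\n\nCan you send cash today?\n')

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("contact", CONTACT)):
        print(label, sender_warnings(raw))
```

This only inspects the visible headers. A forged From address that uses the brand's real domain passes it, which is why receiving mail systems also rely on SPF, DKIM and DMARC results.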
3. Email gives criminals the greatest chance of committing a successful fraud
Fraud is a numbers game.
With over half the world’s population using email every day, the chances that there’ll be a significant number of people who’ll click a link when they shouldn’t, or outright fall for a scam, are pretty good if you’re on the criminals’ side of the fence.
It’s thought that around 3 BILLION phishing emails are sent every day. If even a tiny percentage of people fall for them, cybercriminals can make a fortune or do other untold damage.
4. People fall for email scams
Why change something that works? The bottom line is that significant numbers of people fall for phishing emails, so there’s no reason for many cybercriminals to look at other avenues.
It isn’t just on a consumer level, either. According to Proofpoint, 74% of businesses in the United States fell victim to a phishing attack in 2021. That’s an alarming number, especially considering business emails are loaded with warnings telling staff to be confident that emails from outside the organisation are secure and trusted. And that’s not even considering all the staff training around phishing and other cybersecurity issues that takes place!
Is it any wonder data breach incidents are so widespread given statistics like this?!
5. Email gives criminals direct access to business networks
If you’re a cybercriminal, taking your chances that an employee will click a link in a phishing email is far easier than investing time trying to get around sophisticated cybersecurity systems.
If criminals can use a link to install malware onto a system that connects to a business network, they’ve gained access without needing to do much at all.
What’s extremely dangerous for businesses is that malware can often lie undetected for months. The Ponemon Institute’s 2021 Cost of a Data Breach report highlighted that the average time to detect and resolve a data breach was 287 days. So how much damage could cybercriminals do in that time?
Avoiding phishing and hacking attacks that come from email
Diligence is the key to avoiding falling victim to phishing and other cyberattacks that come from email. Our look at where data breaches will be most common in 2022 explains how you can keep yourself and your employer safe.