The latest report released by the FBI’s internet crime division, IC3, reveals that email-based social engineering attacks were the most commonly reported cybercrime category in 2017.
IC3 received 300,000 complaints in 2017, representing estimated losses of more than US$1.4 billion.
According to IC3’s report, the largest reported crime categories, in terms of financial damage to victims, were BEC (business e-mail compromise) attacks and fake investment scams targeting companies (a.k.a. CEO fraud).
One fraud scam intercepted by the FBI netted the perpetrators US$7 million on its own. The scam, involving fake emails purporting to be from banks, was operated by a small group of criminals who persuaded their victims to forward them large sums of money using phone calls and forged credentials submitted via email.
FBI investigators were successful in apprehending the criminals behind this scam, but many other large-value fraud cases are still under investigation.
CEO fraud is low-tech cybercrime
People tend to think of cybercrime as being high-tech, but CEO fraud attacks, like the one described above, require only very simple tools.
Unlike ransomware attacks or spyware, CEO fraud doesn’t rely on clever software to be effective; it uses psychological cues and deception to defraud victims. In CEO fraud, instead of hacking code, the scammers hack social networks, relationships and company structures. All criminals need is the email address or phone number of a high-ranking person inside a company and they can begin to construct a scheme.
Learn more about CEO fraud in this article: CEO fraud attacks up 2,370% since 2015
Email fraud growing
Reports released this year continue to confirm that email-based cybercrime is still the biggest threat faced by companies. Cyber-criminals are increasingly eschewing ransomware in favour of easier ways to make money such as crypto-jacking, but email is still the delivery method of choice for penetrating victims’ computers.
Cybercriminals routinely use compromised email accounts to send large volumes of malicious emails that carry malware capable of capturing keystroke data, stealing and corrupting files and covertly mining cryptocurrency.
Cryptomining malware is a highly profitable new attack format for criminal syndicates and has become so common that it now has its own colloquial designation: crypto-jacking.
Protect against hidden threats
Every organisation should take email-borne threats seriously. Innocent email attachments can carry malware capable of infecting a company’s entire computer system. Most businesses rely on email as an integral part of their day-to-day operations, and statistics consistently show that 90% of cyber-attacks are perpetrated via email.
People aren’t machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.