The \u2018Nigerian Prince\u2019 or \u2018419\u2019 email scams we\u2019ve all seen take advantage of the age-old premise: people can be greedy and gullible.<\/p>\n
Or to put it more positively \u2013 people are intrinsically positive about the motives of others and are not on the lookout for scammers and criminals in every email exchange.<\/p>\n
But the sad truth is we all need to wake up to the threat in our email. To heighten our security awareness.<\/p>\n
The world has moved on and despite significant security efforts and new technologies in recent years, there remains a prolific and lucrative cybercrime industry attacking people and organizations alike.<\/p>\n
Today the weakest link in any security defenses are people, so protecting data and systems also means protecting people.<\/p>\n
The recent history of cyber security shows that all too often it is the employee that opens an organisation up to attack.<\/p>\n
In most cases (despite high profile insider attacks like Snowden in the US) employees are not willingly participating in an attack.<\/p>\n
They may not even know they are the unwelcome target of a hacker\u2019s attention and that their online behaviour might be risky.<\/p>\n
Employees have limited knowledge of the cyber security risks they face (or create).<\/p>\n
Email scams take advantage of this lack of security knowledge.<\/p>\n
The cost to an organisation of this knowledge gap is an increased security threat.<\/p>\n
Cyber security is a constant game of cat and mouse.<\/p>\n
As people woke up to the threat from simple email scams like the \u2018Nigerian Prince\u2019 its effectiveness declined so the attackers moved onto new techniques.<\/p>\n
Phishing in its many forms has grown in popularity.<\/p>\n
Here the attacker sends email to lots of people with a malicious web link to steal credentials for logins or a malware-laden attachment to infect a machine.<\/p>\n
They know that someone will click through and activate their attack.<\/p>\n
Then there is spear-phishing, where targets are more carefully targeted to improve effectiveness and a new, and damaging, variant of this called CEO Fraud or whaling where social engineering is used to really target a specific individual within a target organisation.<\/p>\n
Individual emails are created that look legitimate, they often even get into a conversation with the target pretending to be their boss, before hitting them up for fraudulent wire transfers of cash or confidential data.<\/p>\n
These attacks on email are on the rise and are a significant concern.<\/p>\n