Email malware and phishing attacks at a new high

Cyber criminals sent more phishing emails in July 2017 than any month in the past year, according to Symantec’s monthly threat report. It claims that one in every 1,968 emails was a phishing attempt.

There has also been a spike in other email-based threats. The number of emails containing malware attachments increased to 1 in 359, which is the highest rate of activity Symantec has seen since December 2016, and spam accounts for 54.9% of all emails, a 0.6% growth since June 2017.

Why are criminals exploiting email?

Symantec credits the rise of email-based threats to the success of WannaCry and NotPetya, with malware families such as Emotet and TrickBot recently adding support for self-spreading components.

“Emotet now has the capability to steal email credentials from infected computers and then use them to send out spam in order to spread itself,” the report said. “TrickBot takes advantage of SMB to spread to computers on the same network as the original host and also spreads itself via spam posing as invoices from a financial organization.”

According to Mark James, security specialist at ESET, it’s no surprise that email is the number one attack vector. He told Information Security Buzz: “When that email lands in your inbox, regardless of whether you know its fake, there is often an urge to open it just to make sure.

“We as humans are naturally curious, we want to make sure, we want to believe others are trustworthy […] but in the end it often proves to us what we and almost everyone else thinks; that so many emails are only there to trick us into spreading doom and gloom, either physically or metaphorically.

“Teaching our users the need to understand, spot and report potentially dodgy emails is extremely important, and has proven its worth in gold. But it needs to happen consistently and evolve around current threats – the same lecture every morning will end up falling on deaf ears, but with current attack methods and real life examples leading into reasons on how and why it can cause the worst case problems we often see leading to huge data breaches, can help the staff to become important members of the security team and not just the weakest link.”

Learn how to spot phishing emails

You can alert your staff to the risks of phishing and help them avoid falling victim with our Phishing Staff Awareness Course.

It provides an overview of phishing and the different kinds of attack, explains how cyber criminals plan and execute their campaigns, and shows employees how to identify and respond to malicious emails.

Take a look at this course:

Find out more about our Phishing Staff Awareness Course >>