Based on Verizon’s latest Data Breach Investigations Report, email continues to be the most common attack vector (96%). In addition to email, phishing and pretexting represented 93% of all social breaches they identified.
The problem with email is exactly what makes it great. Email is simple to use and the speed that can be transmitted and received makes it extremely efficient. However, is this same simplicity and efficiency that makes it easy for cyber criminals to exploit.
The easiest way to explain it is that emails are like postcards where the same goes thru multiple hands before it reaches its destination. What is worst, is that every server that receipts and resends may make a copy of your email or keep it in storage in plain text where others can read and take advantage of this information.
Logo’s, headers and other identifying information are easy to copy. So even if you think that an email is from a legitimate sender you may be interacting with a complete stranger. Worst of all, these cyber criminals are quite clever and frequently use fear to make you open their emails and download their applications within your environment.
By the way, texting, while not the same as email, is similar enough that the above information applies to it.
The recommendations that I personally follow are:
- Never open suspicious emails.
- Never click on a link or download attachment in an unsolicited email.
- Whenever possible verify with the sender that they sent you an email.
- Never send an email that you wouldn’t want to be posted in the newspaper. If it is sensitive use security tools like encoding, end to end encryption, etc.
- Whenever possible use end to end encryption if you are going to email or text sensitive information.
References
https://enterprise.verizon.com/resources/reports/dbir/
https://defendingdigital.com/email-and-text-messages-arent-secure-use-secure-messaging-instead/