While software vulnerabilities and browser-based attacks are still an issue for some users, a majority of cybersecurity attacks focus on phishing and tricking users into performing an action, mainly clicking a link to download a file or to reach an attacker-controlled website. A recent report indicates that social engineering and phishing paired together are the most effective forms of cybersecurity attack, and they can lead to credential disclosure or private data being leaked to an attacker.
Some phishing attacks are poorly designed, but recent attacks are built to evade even the best cybersecurity training. A recent wave of phishing attacks focused on the latest Brexit news, with an email that promised users they could track changes in currency conversion by opening an attached file. The email used the official names of PDF files distributed by the UK government and graphics that made it look like official correspondence. When the user clicked the link and opened the file, the document was set up to trick the user into enabling macros, which would then download malware to the user’s local machine.
Scare tactics, for instance, are still an effective way for attackers to trick users into clicking links. Attackers use Google or Microsoft graphics to build a message that scares users into thinking their account is at risk. Users click the embedded link and are sent to an attacker-controlled page that looks like the official website.
In the aforementioned report, one pattern remains constant: attackers focus on human flaws rather than vulnerabilities in technology. While technology is still constantly tested by attackers, it’s much easier to play on user mistakes than to find the “needle in the haystack” exploit that gives an attacker access to an internal network. Both approaches can be effective, but the latter takes more time and skill. A phishing attack requires far less technical expertise than finding a flaw in infrastructure such as firewalls and software.
Even with a lower barrier to entry, phishing attacks are more sophisticated than ever. Corporations have found that cybersecurity training is imperative when defending against phishing. Upper-level executives are trained to identify phishing so they avoid falling victim to a spear-phishing attack.
The fewer phishing emails that reach an employee’s inbox, the bigger the reduction in phishing risks. Corporations should always offer some level of cybersecurity training that empowers users with the knowledge needed to identify attacks, but training does not provide 100% protection. No cybersecurity protection is 100% effective, but the right tools and procedures greatly reduce the risk of phishing threats.
Patching and updating software to the latest version is always recommended. Patches and antivirus software stop some of the malicious code that runs in the background logging user credentials and private data. These procedures should always be in place, but they don’t always stop zero-day attacks.
The most effective way to stop phishing emails is to filter suspicious messages at the email server. Email filters that use artificial intelligence (AI) to detect malicious links or attachments quarantine messages in a safe location until an administrator can review them. Once reviewed, the administrator can pass the message to the recipient’s inbox or delete it entirely from the system, so the malicious content never reaches the intended recipient.
Email filtering stops many spear-phishing attacks, which target high-level employees with access to secure systems. For instance, an attacker might use social engineering and phishing to trick an accountant into sending money to the attacker’s bank account. With strong email security, the message never reaches the recipient’s inbox, and any social engineering that depends on that email is stopped along with it.
DMARC rules ensure that spoofed emails also get quarantined. This email security control uses a combination of DNS entries and a cryptographic signature on outgoing mail to identify the legitimate senders that may email on behalf of the organization. DMARC stops common phishing attacks that use open SMTP servers to send fraudulent, spoofed email messages that look as if they came from an official sender.
Finally, corporations can add DNS-based content filtering, which blocks users from browsing sites that host malicious content. Should a spoofed message slip past the DMARC rules (a false negative) and reach the recipient’s inbox, web content filtering stops the user from reaching the site after clicking the link. Together, DMARC, email security filtering, and web content filtering greatly reduce the chance of an organization falling victim to a phishing campaign.