Cybercriminals still use email to launch the social engineering component of a phishing or malware attack. The email content uses a “call to action”, such as a security update, web payment or refund, to lure victims into clicking on the embedded link. Users are then routed to fake web content or prompted to download malicious attachments and executables.
Criminals can easily send such emails using a spoofed “from” address to mask the spamming source. The spoofed source address adds to the apparent legitimacy of the sender’s credentials and garners the trust required to trick the victim into acting upon the social subterfuge. Spear phishing attacks can disguise email requests as coming from executive staff or a trusted trading partner. If a user receives an email from a known, trusted or senior source, the user is much more likely to take immediate action.
All business networks will have some gateway and endpoint email security, such as spam filtering and anti-malware protection. However, phishing emails can often bypass these controls, especially if the spam run is discreet, smart or launching a zero-day attack. It is well known and documented that anti-virus and anti-malware products struggle to combat emerging threats.
Security vendors such as McAfee, Symantec and Trend Micro have all reported a recent surge in phishing activity. There were more than 1 million unique phishing URLs (phishing sites) in Q3 2016. If we take the liberty of presuming the number of spam emails associated with, and necessary for, each phishing attack to return a benefit and ROI to the criminal, we can see that the number of unique email messages is massive.
Other messaging platforms, such as SMS and online messaging services including social networks, instant messaging, WhatsApp and Skype, are also exploited to spread phishing attacks. Although these platforms are increasing in popularity, email remains the primary vector for distributing phishing and malware content.