How to Spot Malicious Emails

The ability to distinguish legitimate emails from malicious ones is a new skill set that business owners need to acquire. Ignoring hundreds of spam emails every month is one thing, dealing with malware and ransomware attacks that could cost your company millions in damages is entirely different.

Symantec’s latest Internet Security Threat Report shows that 55% of emails employees received in 2018 were categorized as spam. With 1 in 412 emails being potentially harmful and considered malicious.

Based on Symantec’s findings the following chart shows which subjects, keywords, and attachments are most often used in malicious emails and considered significant red flags to employees.
Infographic: 'Urgent Invoice' - How to Spot Malicious Emails | Statista

Where Malicious Spam Comes From

Approximately 52 percent of all e-mails sent worldwide last year were ads or spam emails. China accounts for 12% of global spam as the largest contributor. The United States follows in 2nd place with 9%, and Germany taking 3rd with 7%. In good news though, the total spam traffic in 2018 was 4 percent lower than it was in 2017.

Infographic: Where Spam Comes From | Statista You will find more infographics at Statista


Time to get your 'Shield Up' against hackers

Trump Administration Warns of Economic Espionage Risk From China, Russia, Iran

The Trump administration has launched a public awareness campaign for the U.S. private sector, urging businesses to better defend themselves against online attackers who may be trying to steal their sensitive data or wage supply chain attacks.

Written by Mathew J. Schwartz (euroinfosec) for DataBeachToday.com

DataBreadToday Twitter  |  LinkedIN Group  |  Facebook

The effort, being run by the National Counterintelligence and Security Center, aims to improve the minimum level of information security practices in place at businesses. At a minimum, NCSC is urging all organizations to review supply chain security, safeguard against spear-phishing emails, beware of social media deception and expect that, when traveling abroad, their equipment will be subject to surveillance or interference.

The NCSC has branded the effort as "Know the Risk, Raise Your Shield," and released a range of videos, posters, brochures and flyers via its website that promulgates strategies to help protect data, assets, technology and networks. The materials were previously distributed to the federal workforce.

"To enhance private sector awareness, we're arming U.S. companies with the information they need to better understand and defend against these threats," says NCSC Director William Evanina.

Advice from the NCSC

The U.S. NCSC is a center within the Office of the Director of National Intelligence, not to be confused with the U.K.'s National Cyber Security Centre, which is the public-facing arm of British intelligence agency GCHQ.

The U.S. NCSC's 2018 Foreign Economic Espionage in Cyberspace report, released last July, singles out China, Russia and Iran as posing the biggest nation-state hacking risk to the U.S. private sector. Laws in China and Russia, in particular, allow government agencies to compel firms to assist in their efforts.

But officials warn that the threat is much broader.

"Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data and compromising supply chains," Evanina says. "The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars."

Last year, Director of National Intelligence Dan Coats told Congress that in the online realm, Russia poses the top online attack threat to the United States, while China, North Korea, and Iran are also top threats, "although many countries and some non-state actors are exploring ways to use influence operations, both domestically and abroad."

Robert Hannigan, speaking at the June 2018 Infosecurity Europe conference in London, said cybercrime groups and nation-state attackers are increasingly blurring together. (Photo: Mathew Schwartz)

Indeed, the former head of the U.K.'s signals intelligence agency, GCHQ, last year warned that it was becoming increasingly difficult to tell cybercriminals and nation-state actors apart (see: Cybercrime Groups and Nation-State Attackers Blur Together).

"In some cases, you can see these groups sitting in the same room, and in some cases, you can see where people have been conducting state activity during the day, and then doing crime activity at night," said Robert Hannigan, who headed GCHQ until 2017, speaking at last year's Infosecurity Europe conference in London. "It's an interesting mixture of profit and political intent."

Charges Filed

As part of its effort to warn private businesses to take information security more seriously ..... (CLICK TO READ MORE)