Email, unfortunately, has gone beyond serving as a way to make weekend plans with friends. Now, it has been turned into a tool for criminal activity by cyber criminals. We’ll take a closer look in this lesson.
Not the Boss
When an employee at a company that’s been around since 1892 received an email from his boss asking for his help in a top-secret project, the worker did not object. After all, the boss said he was trying to buy a Chinese company in a hush-hush deal. The price? A cool $17.
2 million he needed wired to an offshore bank account. The employee complied, but soon found out the transaction was a fraud. As was the email. A cyber criminal had impersonated his boss and sent the request. According to recent reports, the company is unlikely to recover the money, making for one very expensive lesson about how email can be used to commit cybercrime.
Wouldn’t it be great if fraudulent emails meaning to do you or your business harm came with a warning alert like the one in this graphic? Sadly, that is not the case.
In a four-month period not so long ago, experts claim that more than 12,000 businesses across the world were the target of an email scam like the real-life example above. Companies large and small, as well as innocent individuals, find themselves at the mercy of criminals trying to use email for their own personal or financial gain.Let’s examine some of the ways cyber criminals exploit email to commit their crimes.
Email Usage in Cybercrime
The rise of email users and email usage has created an anonymous environment for cyber criminals to take advantage of unsuspecting individuals. Here are some ways they’re doing that.
It may seem like spam email, or junk email, is merely a nuisance in your inbox, but it has the potential to be dangerous. Many cyber criminals deliver viruses via email, that once opened or clicked on, deposit dangerous files onto your computer.
Criminals can then gain access to your system and personal files or even disable your computer this way. Ransomware and malware are two common types of malicious software that can infect your system or even disable your access to your own data until you pay a ”ransom.”
Email spoofing is a lot like our example from the lesson’s opening. A cyber criminal takes on the identity of someone you know ( a friend or boss) and then uses email communication to get you to download malicious software, visit a fraudulent website or even instruct you to do things like wire money. Spoofed emails may even look legitimate, which can make them that much harder to detect. Cyber criminals may change their sender address just slightly; instead of [email protected]
com, they may use [email protected], hoping the recipient won’t spot the difference.
These bombs aren’t as fatal as the real thing, but can be seriously destructive. An email bomb is when a cyber criminal sends large volumes of emails to the recipient in an attempt to overload an inbox or a server, which presents real problems for businesses.
ProPublica, a nonprofit newsroom, dealt with email bombing in late 2017, virtually cutting off journalists’ communication and paralyzing their ability to work effectively until the company’s IT department could resolve the issue.
Phishing emails in cybercrime is just like fishing in real life, except this time it’s a criminal who hope they’ll get a ”bite.” Most phishing emails contain links to fake websites, asking the recipient to click to update personal information like passwords, credit card numbers or bank account details. Fall victim to this scam and you’re literally turning over your sensitive details to a criminal on the other end. From there, your information may be used by the criminal or sold.
The use of email to help commit cybercrimes has grown since the popularity of communicating through the digital platform has soared. Among the most common ways email is used to commit crime is by sending phishing emails attempting to gain access to victims’ personal or financial information.
Email bombs flood users’ inboxes with hundreds of emails, virtually shutting down a user’s inbox or business communications. Email spoofing occurs when a criminal takes on a false identity and sends emails using that person’s name or credentials in an attempt to get the recipient to do something like wire funds. Even the simplest forms of spam can contain dangerous links, web addresses or fraudulent downloads that can infect the recipient’s computer with malware or ransomware.