Be careful before you hit reply--even if the name looks familiar. That's the warning being sounded by cybersecurity experts when it comes to a different type of war being waged by criminals against you and your company. Malicious emails, which contain harmful URLs and file attachments, are soaring.
According to a recent report by Proofpoint, a cloud-based cybersecurity firm, malicious email message volume increased more than 800 percent in the first quarter of 2016 compared with the first quarter of 2015. The amount of malicious emails being sent to businesses increased by 66 percent from Q4 2015 to Q1 2016.
The hackers are changing tactics, too, now favoring malicious document attachments over malicious URLs. This means you need to be careful which document attachments you choose to download while checking your email.
Business email compromise has also risen sharply this year. Proofpoint found that 75 percent of impostor email phishing attacks rely on "reply-to" spoofing to trick employees into thinking messages are from their CEO, manager or another executive in the company. These messages look as if you sent your employees a specific request and they will be tempted to reply.
Remember the lessons from tax season--hackers can spoof your email address and make it appear that you are asking your employees to set up a money transfer for a new client or to send every employee's W-2 in a PDF.
Hackers stole thousands, if not millions, of W-2s from dozens of companies across the U.S. this year. While hackers are still sending malware and ransomware to businesses, the decidedly low-tech approach of email spoofing in phishing attacks is extremely effective. Just a little social engineering and what appears to be a regular email from an executive at your company can cost thousands of dollars.
The lesson here is that if employees are replying reflexively to emails and opening attachments, your company is vulnerable. Training your employees how to spot malicious emails could save a lot of headaches.