The evolution of email fraud
Email remains the most common initial attack vector for cybercriminals. Infiltrating an organization via an email-based attack can happen at any level — phishing is not only targeted at the C-suite. Once attackers obtain an individual’s credentials, they can gain access. Once inside the network with one set of credentials, attackers can more easily move laterally and gain more permissions and fuller access. Even access to an employee’s mobile phone can be escalated into wider network access.
Early email fraud messages were often badly written and frankly unbelievable. Criminals relied on a ‘spray and pray’ approach — sending out thousands of messages in the hope that a few would stick. Traditional gateway defenses are quite adept at dealing with these high-volume attacks. Barracuda’s own data shows that 16% of all email traffic is this sort of high-volume attack, such as spam, malware, and other emails with malicious payloads. You still need gateway defenses to stop these attacks, as they remain a serious danger.