Cybersecurity firm, Kaspersky estimates that the average worker spends between five and 18 hours every year reading spam messages. “When scaled to an organization with hundreds of employees, this may turn into a sizable amount of personnel hours. However, the lost time is the least possible damage,” says Kaspersky spam analyst, Anna Lazaricheva.
Phishing and malicious links can mean huge financial and reputational problems for a company. While selling its services, the firm’s researchers discussed simple and sophisticated threats in a recent webinar, entitled Email security: Top threats and how to counter them.
Fake invoices
Common malicious tricks in the past year include criminals sending fake invoices or purchase orders. “This tendency isn’t going to stop in the near future,” Lazaricheva says. “Fraudsters may also send such messages with malicious links.” QR codes within these emails is another way of complicating the detection of fraudulent activity.
She adds: “It’s worth mentioning that attackers put phishing or malicious links, not always in the first message.”
Business email targeting specific individuals within organizations has also evolved. Prior to 2023, these emails were characterized by poor grammar, style and limited text. The proliferation of generative artificial intelligence (AI), however, not only improves integrity and grammatical correctness of texts, the range of languages fraudsters can use is also very wide.
“Everyday, such emails are starting to resemble the format of business correspondence far more closely,” she says. “Training your staff is very important here. Users are always the weak link. Even experienced security engineers can be cheated.”