23 January 2013

The burden of spam emails

A new survey of 1,000 UK office workers has revealed almost 60% are burdened with spam mail on a daily basis, with 6% of respondents receiving more than 10 bogus emails a day.

The study, commissioned by anti-phishing training firm PhishMe, found that office workers in the UK are being swamped with phishing emails looking to trick the recipient into revealing private information.

These emails aren’t just a risk to private security but also to the integrity of the company’s network, which could be compromised if risky attachments are opened or links are clicked on. If the user responds to the emails in question, the hacker could get access to the corporate network to acquire data such as usernames, passwords or R&D information.

Scott Greaux, vice-president of product management and services at PhishMe, said: “Nearly 60% of employees receive phishing emails every day, so clearly technical controls are failing to stop these messages as they pass through the system.

“They end up in users’ inboxes and, for many companies, it is purely down to luck if that employee responds.”

If the worst-case scenario does happen, employees could return to work without either them or others at the company knowing their security has been compromised. Mr Greaux said user education is essential in adding “human sensors” to an organisation’s security infrastructure to improve overall security.

Similar research has recently found that spear phishing attacks – attacks that target specific people at enterprises with the aim of gaining a foothold into the corporate network – are at the core of most targeted attacks. Trend Micro found that 91% of targeted attack data collected between February and September 2012 involved such phishing methods.

Genuine email or spam?

  • Make sure you have antivirus software and keep it up to date. The same goes for firewalls.
  • Many spam emails will try to trick readers with content that looks genuine. Check the URL of a link before clicking on it, or type the URL into your browser rather than clicking on the email link. Spam links often have malicious code behind them.
  • Don’t open an email attachment unless you’re expecting it, particularly if you don’t know the sender. If it’s from someone you know, check that they are using their standard email address.
  • Be cautious of emails that try to get an emotional response from you, e.g. greed or fear. You can’t have won a competition that you’ve never entered, and don’t confirm personal or financial information over email.
  • When signing up for something online, beware of check boxes that ask whether you want to receive emails from selected third parties. You don’t know who your email address will be given to, so don’t sign up, or make sure you opt out of these.