Those of us who have been using computers for a few decades remember the days when getting a computer virus was more of a nuisance than today’s current nightmare, but back then computers and the internet played a much lesser role in our personal and professional lives. On top of this, the past purveyors of malware had a much different agenda (if they had one at all) than today’s anonymous blackmailers and ransomers. When money is the object, you can bet some very smart and unscrupulous people are going to find ways to pollute your ‘puter for profit, and sadly, email is big, red target on everyone’s back.
Why is email targeted?
- Everyone has an email account. As of this year, over half the planet uses email meaning there are literally billions of email accounts. Email extortion schemes are extremely profitable if only a very small percentage fall for the fake link or open the bogus attachment and then follow through with a ransom payment. The profitability of a ransomware campaign relies on how wide a net can be cast, and with billions of fish in the sea, lots of nets can be cast.
- The cost to send an email is microscopic. Even campaigns that send millions of phishing emails have incredible ROI if only a tiny percentage actually hook a victim. With the right infrastructure (typically hacked servers belonging to someone else), malware teams can push out millions of emails with a few hours of investment of time and minimal hardware costs. On average, ransom demands to small companies are now upwards of $13000 per incident. You don’t even need to do the math to see why this is happening.
- It’s incredibly easy to fool someone via email. Yes, you still get a ton of poorly spelled and grammatically awkward offers to share in the inheritance of foreign princes, but mixed among all the general pollution and real emails are fakes that are becoming increasingly hard to catch. Email scammers are upping their game daily, especially since it definitely leads to more victims getting tricked.
- Each of us gets too much email. I don’t know a single adult who would say otherwise. Even those of us who are really damn good at grinding that email box down to zero each day (not me) do so at great expense of time and energy. And, like any working adult who is pressed for time, this means we are more likely to cut corners (ie. security) and make hasty decisions that leads poor outcomes.
- Email technology has not advanced to match the growing sophistication of malware. Outlook is literally 22 years old and has not changed much in how we process email. SMTP, the primary delivery mechanism for internet email was first released in 1981, and while security and encryption has been tacked on in the intervening years, the core technology is essentially unchanged. Email technology needs its equivalent of the hybrid/electric car to change the industry, and seeing as how long it’s taken those types of cars to affect meaningful change, I don’t expect a quick change on the email side either.
- We are completely dependent on email. Even if we wanted to cut email out of our lives, too much relies on this system of communication to even consider how we would function without it.
Next week: how to bolster your email security perimeter.
Image by Gerd Altmann from Pixabay