Podcast recap: Email attack trend predictions for 2020

Introduction

Email continues to be a major method of communication in both personal and professional contexts. The sheer volume of information transmitted via email every day makes it an appealing target for hackers.

  • 30% of phishing emails bypass default security systems
  • One out of every 25 branded emails is a phishing email 
  • The average employee receives 4.8 phishing emails per day
  • 35% of professionals don’t know what “phishing” is 

(Source: Avanan)

While these statistics are certainly alarming, there are people like Evan Reiser, CEO of Abnormal Security, working to stop email attacks in their tracks. Recently, Reiser joined Infosec’s Cyber Work podcast to explore the future of email attacks in 2020 and beyond.

What are the types of phishing and email attack vectors?

Reiser breaks email attacks down into three groups: link-based attacks, attachment-based attacks and payload-less attacks. Reiser’s company, Abnormal Security, specializes in payload-less attacks. 

As the name suggests, a payload-less attack carries no malicious payload: there are no sketchy links or malicious attachments. Instead, the attack is geared towards tricking the recipient into disclosing sensitive information or willingly giving up money. Because these attacks rely on an emotional response, they’re very clever and constantly changing.

Payload-less attacks are also tough to detect. Traditional spam filters are taught to hunt for red flags like links and attachments, but payload-less emails don’t have those, so they can slip past filters undetected and hide amongst the innocent emails in a recipient’s inbox. 
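The sketch below is an added example, not code from the podcast or from Abnormal Security: it extracts the link and attachment indicators a payload-focused filter relies on, sorts messages into Reiser's three groups, and shows that a payload-less message yields nothing for such a filter to match. The function names, addresses and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def payload_indicators(raw):
    """Collect the links and attachments a payload-focused filter keys on."""
    urls, attachments = [], []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue  # container only; its children are visited separately
        name = part.get_filename()
        if name or part.get_content_disposition() == "attachment":
            attachments.append(name or "(unnamed)")
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            urls += URL_RE.findall(data.decode(charset, errors="replace"))
    return {"urls": urls, "attachments": attachments}

def classify(raw):
    """Map a message onto the three groups named in the recap."""
    found = payload_indicators(raw)
    if found["attachments"]:
        return "attachment-based"
    if found["urls"]:
        return "link-based"
    return "payload-less"  # nothing here for a link/attachment rule to match

def build(body, attachment=None):
    """Build a constructed sample message (all addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Quick request"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_string()

SAMPLES = {
    "link": build("Review the invoice at https://portal.example.test/invoice"),
    "attachment": build("The invoice is attached", attachment="invoice.doc"),
    "payload-less": build("Are you at your desk? I need a favor handled today"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw), payload_indicators(raw))
```
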

What are some of the major shifts in email attack tactics you’ve seen since 2018 and 2019?

Gone are the days when attackers relied on simple spam emails from long-lost Nigerian relatives. As anti-spam technology evolved to effectively identify and filter spam emails, attackers had to step up their game.

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Christine McKenzie. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/TDgxXJ_tN9A/