By now, everyone is familiar with terms like “phishing,” “spam,” and “malware.” Most people also know that these cyberthreats are commonly encountered through an email attack vector. That means the attackers use email to compromise a victim’s account, device, or network.
Consider this scenario: An employee arrives at work and opens his email inbox. The first message he sees has the subject “Urgent: Payment Declined.” Dreading the answer but wanting to know which payment the email refers to, he opens the message and clicks an embedded link for more details. That innocent click opens the door to a more nefarious attack, such as credential stealing or ransomware infection.
But why email? Like other people, you may be wondering why email is the most common attack vector. We delve into five reasons below.
1. Email Is Versatile
Email gives threat actors the flexibility to embed malicious links and attachments in their messages. Even legitimate users find emails convenient and versatile, allowing them to attach files, images, and videos or send site links. Bad guys exploit these same features.
Email also allows threat actors to target victims simply by obtaining a list of email addresses. Email gives them the versatility to bypass network filters and other cyberdefense mechanisms. All they need is an email address, which they can easily obtain from disreputable email providers in a few seconds.
To protect users from email attack vectors like phishing and spam, the security community developed and improved email-based security products. A vital aspect of these products is email verification, which includes checking if a sender’s email address is valid and legitimate, among other things.
2. Bad Guys Can Hide behind Emails
The top reason behind the rampant use of email as an attack vector is that it hides threat actors’ identity. Most email users don’t scrutinize the senders’ email domains or take time to retrieve a domain’s IP address.
Bad guys can pretend to be someone else—a distant relative from another country or a representative of a reputable company. They can even make emails look legitimate by adding the official logos and signatures of imitated brands.
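The sender scrutiny that most users skip can be automated. The following is an added example, not code from the original article: it compares the brand claimed in a message's display name against the real From domain and flags a Reply-To that points elsewhere. The brand allow-list, the domains, and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list: brand keyword -> domains that brand really sends from.
BRAND_DOMAINS = {"examplebank": {"examplebank.example"}}

def _domain(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""

def _belongs(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def sender_flags(raw, brands=BRAND_DOMAINS):
    """Return the list of sender-identity warnings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    flags = []
    if not from_dom:
        return ["from-missing-or-unparseable"]
    # The display name is free text; compare any brand it claims to the real domain.
    squashed = "".join(ch for ch in name.lower() if ch.isalnum())
    for brand, allowed in brands.items():
        if brand in squashed and not _belongs(from_dom, allowed):
            flags.append(f"display-name-claims-{brand}-but-domain-is-{from_dom}")
    # Replies routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        flags.append(f"reply-to-domain-differs-{_domain(reply)}")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Example Bank Billing" <billing@examplebank.example.pay-alerts.example>\n'
    "Reply-To: helpdesk@mailbox.example\n"
    "Subject: Urgent: Payment Declined\n\nSee details.\n"
)
GENUINE = (
    'From: "Example Bank" <notices@mail.examplebank.example>\n'
    "Subject: Your statement is ready\n\nHello.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_flags(raw))
```

The subdomain test anchors on the right-hand end of the domain, so a brand name placed at the left of an unrelated domain is still flagged.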
3. Email Increases Chances of Succeeding
Since more than half the world’s population are email users, threat actors have more chances of finding victims when they use email as the attack vector. The more people they target, the more likely someone will fall victim to phishing and other email-based attacks. It’s no wonder then that about 3 billion phishing emails are sent daily. Even if only a portion of these emails succeeds, threat actors still stand to gain a great deal.
4. People Still Fall for Email-Based Attacks
Even if phishing and spam emails have become household names in the past few years, people still open them. In fact, 74% of organizations in the U.S. succumbed to a phishing attack, according to Proofpoint’s 2021 State of the Phish Report. This success rate means that people still open suspicious emails despite warnings against doing so.
5. Email Gives Attackers Direct Access to Corporate Networks
A successful phishing attack allows threat actors to execute credential-stealing or file-locking scripts inside the victim’s corporate network. In essence, an email attack vector means that the thieves are already inside the victim’s house. They only need someone to hand them the combination to the vault. For this reason, email is their favorite and most lucrative attack vector.
Once malicious actors gain access to a network, they can lurk there undetected for weeks or even months. According to the 2021 IBM Cost of Data Breach Report, data breaches go undetected for an average of 287 days, which can cost victims US$4.87 million.
Email remains the preferred method of communication, especially in the business world. But threat actors are also exploiting its popularity by using email as an attack vector, and a successful one at that.
As people continue to use email due to its versatility and flexibility, threat actors are expected to continue exploiting it. The best practice for individuals and enterprises is to take advantage of email security tools that the cybersecurity community is developing and improving.