Is that email really from your bank or airline? Or a hacker pretending to be?
Research from Agari, which provides email security and threat intelligence tools, shows which industries are constantly under attack — but deflect those attacks — and which industries still get a failing grade as they face increased hacker attention.
"Email is one of the criminal's best friends, and one of the most common ways that criminals use to go after their victims," says Patrick Peterson, founder and CEO of Agari. Hackers impersonate brands and try to get you to give them information in return, such as a username and password.
Agari's quarterly report, which looks at 147 companies across 11 industries, evaluates two things. There's the TrustScore, which looks at the highest-volume email-sending domains for a company and then analyzes their implementation of common email authentication standards, including DMARC, DKIM and SPF. Then there's the ThreatScore, which calculates the volume of spam and potentially malicious email sent by hackers masking themselves as a certain company.
Your Bank Is Still a Target for Hackers
From the first to second quarter, Agari found an 8 percent improvement in trust scores across all industries. However, attacks against what Agari calls "mega banks" remained high.
"Attackers are looking to monetize," says Trey Ford, global security strategist for IT security firm Rapid7. "What's easier to monetize than cash? If I can act like I'm some major bank and get you to sign into my fake webpage, I can log in as you and move money around."
Because of this increased attention, banks have also adapted to protect their consumers against these threats, Peterson says. Capital One and JPMorgan Chase even appear in the so-called Agari 100 Club, which is reserved for companies that receive a TrustScore of 100. Facebook and Twitter also fall in that group.
"Social media and banks used to be some of the criminals' favorite targets," Peterson says. Those industries have come a long way in their efforts to protect consumers. People now know how to tell if an email from a financial institution "looks a little funny" and shouldn't be trusted, he adds. "Criminals found out that those were much harder targets to impersonate."
That hasn't stopped the criminals, though — JP Morgan and other banks were allegedly hit by Russian hackers last week in an attack that may have been politically motivated.
Email Hackers Now Hitting Travel, Healthcare
So where did criminals turn? The travel industry. It experienced an 800-percent jump in threats between the first and second quarters of the year. Agari's report says travelers are "natural" targets for social engineering, a type of security intrusion that plays on human behavior and emotion.