Skip to main content

Targeted email attacks are on the rise

(Image credit: Image Credit: Gustavo Frazao / Shutterstock)

Targeted email attacks are becoming more frequent and sophisticated, according to researchers at cybersecurity firm Kaspersky.

The company claims that Business Email Compromise (BEC) has become a very popular method of attack among criminals. It revolves around impersonating an employee from the target company and initiating email correspondence with the victim. The end goal is always the same: to obtain sensitive data or even have the victim transfer the funds into the criminals’ accounts. 

However, to ensure the success of these attacks, criminals need to profile their targets, a process that usually starts on social media. Attackers will try to obtain as many details about as possible, including the person's current position within the firm, usual connections, working hours, office locations and even holiday plans.

IT Pro Portal need...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

These methods are now enhanced with new technologies, Kaspersky claims. AI, for example, could be leveraged create deepfake videos that could be used to “prove” the identity of the sender. Audio recordings could also be used to fake phone calls, requesting an urgent bank transfer, for instance.

“While doxing is generally believed to be an issue for regular users – we often see it figure in social media scandals—corporate doxing is a real threat for an organizations’ confidential data and one that should not be overlooked,” said Roman Dedenok, Security Researcher at Kaspersky.

“The doxing of organizations, just as of people, may result in financial and reputational losses, and the more sensitive the confidential information extracted is, the higher the harm. At the same time, doxing is one of the threats that could be prevented or at least significantly minimized with strong security procedures within an organization.”

Kaspersky has advised organizations to educate their employees on the dangers of cybercrime, to enforce a rule never to discuss work-related issues with anyone outside official communications channels and to deploy state-of-the-art anti-spam and anti-phishing solutions. 

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.