Email Security Blog

The Exploitation of Cloud Based Email Services

For the younger half of today’s workforce, email has always been a part of everyday life. Others might remember seeing their first emails arrive onto the scene in the early 1990s, though it was a rarity. Now, billions and billions of emails later, with technology continuing to evolve, more and more companies are moving away from in-house servers and desktop storage to take their email to the cloud.

Cloud storage allows you to save data and files at an off-site, third-party location and access them through the public internet or a dedicated private network connection. Once your data is sent off-site, it becomes the responsibility of your Cloud Services Provider (CSP) who not only secures and manages your files but ensures they are available when you want them. For companies with large amounts of data, paying for cloud storage can be a big cost-saver, compared to owning and managing your own in-house data storage networks.

So, is the cloud a safer place for your email? It may feel insecure because your data is stored with a third-party CSP and not in your control, but Cloud Services Providers invest heavily in security software. They also employ teams of security experts who watch over your data around-the-clock. Does this make the security of your email infallible? Certainly not.

When it comes to cybercriminals, where there’s a will, there’s a way and they’ll figure out how to even get though the cloud to steal from companies. The Federal Bureau of Investigations’ Internet Crime Complaint Center recently reported an uptick in phishing scams initiated by hackers who are targeting companies using cloud-based email services. In particular, they are conducting Business Email Compromise (BEC) scams. According to the FBI, “scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds.”1

In the last five years, the Internet Crime Complaint Center has received a steady increase in BEC complaints from companies, totaling more than $2.1 billion in financial loss. In fact, BEC scams have been reported in all 50 states and in 177 countries.1 

What may seem new is the use of phishing kits. Phishing kits are a collection of tools used by people with little technical skills to create convincing phishing schemes by replicating a familiar brand or company, often a cloud services provider like Microsoft or Google. Phishing kits are also used by cybercriminals who want to conduct a large-scale phishing attack on short notice. Phishing kits help hackers convince victims to share their log-in credentials. While monitoring these cloud-based phishing attacks, the FBI found that hacker would take the following steps:1

  1. Use the phishing kit to identify the email associated with each set of compromised credentials, allowing the hacker to target victims using cloud-based services
  2. Analyze the content of the compromised email accounts for evidence of financial transactions
  3. Configure mailbox rules of a compromised account to delete key messages or enable auto-forwarding to an outside email account
  4. Impersonate email between compromised businesses and third parties (such a as vendors or customers) to request pending or future payments

Can most of these cloud-based phishing attacks be prevented? The answer is yes. How? Just listen to what the FBI experts have to say. According to the Internet Crime Complaint Center, “While most cloud-based email services have security features that can help prevent BEC, many of these features must be manually configured and enabled. Users can better protect themselves from BEC by taking advantage of the full spectrum of protections that are available.”

When it comes to email phishing prevention, the easiest choice to make is to choose INKY. INKY provides world-class email phishing protection, even against the most complex threats. INKY is compatible with all email platforms (including cloud-based), installs effortlessly, and alerts your employees of each and every phishing scam that comes their way. Companies of all sizes are choosing INKY to protect their businesses from the myriad of growing cyberthreats. While the hackers may keep getting smarter, INKY is constantly evolving and the result is an email phishing solution that stays one step ahead of criminals. Schedule a free demonstration to see how.

----------------------

INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

1Source: https://www.ic3.gov/media/2020/200406.aspx