Embedded email trackers provide a wealth of real-time information to potential cyberattackers. In fact, 95% of all successful cyberattacks start with email. From a company standpoint, as many as 70% of all inbound emails have trackers, and this is where intelligence gathering on employees begins.
Users do not have to open an email to be exposed to this tracking threat. Messages viewed in the preview pane can signal back to the sending party and report critical information. Messages that are forwarded to third parties can also disclose evidence of this activity. Trackers let the sender view and validate metrics: how long the message was open, how many devices it was accessed from and where those devices are. Gathered information can include geographic clues that reveal the reader's physical location and, potentially, which organization the reader belongs to. For instance, if the message was sent to Company A but the tracker identifies that the message was opened from a location at Company B, the sender can make assumptions that will change the way they interact with the recipient – especially when it comes to litigation and business dealings. If they see that an insurance carrier that was not on the initial thread is reading the email, for example, that will most likely change the way they respond.
Consider the following scenario to see how trackers can gather data to improve their chances of successfully completing a cyberattack:
A CEO is on vacation with her family and checks her work email. She opens a few emails while at the resort but recognizes that her team has everything under control. She is relieved and able to pare down her inbox without responding to any new messages. The CFO of her company then gets an email from the CEO that states where she is, down to the resort in which she and her family are vacationing. In the email, she explains that she has a family emergency and requests that the CFO wire $9,975 to a bank account. The CFO does as requested, and the money disappears quickly, never to be recovered.
Due to email trackers, the fictional criminals were able to glean specific information about the CEO’s particular whereabouts without actually getting into the CEO’s mailbox. Without controls, your mail client regularly provides a tremendous amount of information back to senders without your approval or knowledge. This feature is taken advantage of for legitimate business purposes but can be turned to malicious and criminal objectives as well.
Trackers are inexpensive to obtain and can be as simple as a hyperlink that appears to be the period at the end of a sentence within an email. Their simplicity and their ability to masquerade as legitimate characters make them very hard to spot. As a result, the way people within an organization react to seemingly benign messages can be a company’s biggest threat when it comes to cyberattacks. Further, even if the trackers are spotted, the tracking has already occurred.
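Because the tracking fires as soon as the message is rendered, the place to look for it is before display, at the mail gateway or in a triage script. The following is an added example, not part of the original article: it parses a constructed message with Python's standard library and flags remote 1x1 images and links whose visible text is only punctuation. The sample domains and the `find_trackers` name are assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain here is a placeholder.
SAMPLE = """\
From: sender@vendor.example
Subject: Quarterly update
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please see the attached summary<a href="https://tracker.example/c?id=abc123">.</a></p>
<p><a href="https://vendor.example/report">Read the report</a></p>
<img src="https://tracker.example/o.gif?id=abc123" width="1" height="1">
<img src="cid:logo@vendor.example" width="120" height="40">
</body></html>
"""

class TrackerFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, ""

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src") or ""
            remote = urlparse(src).scheme in ("http", "https")
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if remote and tiny:  # fetched from the sender's server on render
                self.findings.append(("pixel", src))
        elif tag == "a":
            self._href, self._text = a.get("href") or "", ""

    def handle_data(self, data):
        if self._href is not None:
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Visible link text with no letters or digits, e.g. a lone period.
            if self._text.strip() and not any(c.isalnum() for c in self._text):
                self.findings.append(("punctuation-link", self._href))
            self._href = None

def find_trackers(raw_message):
    body = message_from_string(raw_message, policy=policy.default).get_body(("html",))
    finder = TrackerFinder()
    finder.feed(body.get_content() if body is not None else "")
    return finder.findings
```

Embedded `cid:` images and ordinary text links are left alone, so only the two tracker elements in the sample are reported.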
Humans Are the Biggest Threat
In addition to trackers that users may not see, staff are barraged with messaging and alerts that make it difficult for them to identify threats. Almost all organizations put in place security measures; however, they need to make sure that their employees are actually paying attention and taking advantage of them. Many times, desensitization to constant alerts and banners means employees ignore most notifications as “just noise.” Consider those banners at the top of most of your emails that read, in bold red text, “External Sender.” When was the last time you noticed this alert?
There are some things you can do to make sure your company is prepared and that your users know what they need to be aware of and what they should be on the lookout for.
The Right Systems
Put a system in place that will not look like “just noise” to your employees and will instead support user engagement. For example, MessageControl, now a Mimecast company, helps identify when a message is coming from someone other than the claimed sender. It alerts users to specific problems within emails while reducing the notices to users by approximately 80%. This ensures that when an alert does pop up, users are more likely to pay attention. Instead of telling users that the message is coming from an external source, it alerts them when they are receiving a message for the first time from an external user or domain, when the domain was only recently created and/or when it is similar to, but different from, an address the user has communicated with in the past.
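One way the three alert conditions above could be evaluated, as an added example that is not MessageControl's code: the contact history, the 30-day "recent" threshold, the 0.85 similarity cutoff and the domain-level (rather than full-address) comparison are all assumptions made for illustration, and the domain creation date is passed in rather than looked up.

```python
from datetime import date
from difflib import SequenceMatcher

# Constructed contact history: domains the user has already exchanged mail with.
KNOWN_DOMAINS = {"company-a.example", "carrier.example"}

def sender_alerts(sender, known_domains, domain_created, today,
                  new_days=30, cutoff=0.85):
    """Return the alert labels that apply to one inbound sender address."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in known_domains:
        return []  # established correspondent: no banner, less noise
    alerts = ["first-time-domain"]
    # Assumed threshold: a domain registered within new_days counts as recent.
    if domain_created is not None and (today - domain_created).days <= new_days:
        alerts.append("recently-created-domain")
    # Similar to, but different from, a domain the user already knows.
    for known in sorted(known_domains):
        if SequenceMatcher(None, domain, known).ratio() >= cutoff:
            alerts.append("lookalike-of:" + known)
    return alerts
```

Returning no alert at all for established correspondents is what keeps the remaining warnings rare enough to be noticed.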
In addition, the program offers real-time learning and federation of data, and it updates warnings based on current status at the time of reading, not just when the message passes through the email filter. This means that sender information is securely and anonymously shared within the system, so that if one recipient identifies a threat, your warning may change based on what happens between the time you received the message and when you open it. For example, you might get a message that was initially marked with a yellow caution warning, but others within your system tag it as spam before you open it. By the time you do open it, the warning would then change to a red alarm. This alerting feature adjusts in real time and is updated on all systems. The best part is that the system learns your communication patterns and becomes more accurate, with fewer false positives over time.
The Need for Training
Collaborating with the right partner can make all the difference when it comes to cyberattacks. Not only will they recommend the right systems to mitigate your company’s risk, but they will train your employees on how to optimize awareness and respond when potential cyberattacks are spotted.
At Keno Kozie, we partner with the best technology organizations in the industry and bring those relationships directly to our customers. We also offer training and support to our clients to minimize the impact of the constant barrage of potential risk.