The same report from the ACCC also pointed to a 53 per cent jump in business email compromise in the same year and said that Australian consumers reported losses of $107 million to agencies that monitor fraud, which include Scamwatch and the Australian Cybercrime Online Reporting Network.
Of the $107 million stolen from consumers, investment scams saw Australian consumers fleeced of some $38.8 million, while dating and romance scams saw $24.6 million pilfered. Remote access scams, where a computer is taken over by a person purporting to help you fix a supposed problem, cost $4.8 million, false billing saw $5.5 million stolen, and hacking cost Australians some $3.3 million.
How to identify a phishing email
Don’t trust the display name
Look but don’t click
Check for spelling mistakes
Analyse the salutation
Don’t give up personal information
Beware of urgent or threatening language in the subject line
Review the signature
Don’t click on attachments
Don’t trust the ‘from’ email address
Don’t believe everything you see
Source: Email deliverability company Return Path
“Of the visibility we have with Talos intelligence, we can see 71 per cent of emails were spam,” Steve Moros, Cisco’s director of security in Australia and New Zealand, said of May. “That’s a big number.
“And it’s harder to spot malicious emails as methods become more sophisticated.
“Educating yourself, and your business, on the tell-tale signs of a phishing email will help you mitigate the risk, and potentially stop malicious threats.”
Cisco’s Talos intelligence is a threat research organisation inside Cisco with researchers, data scientists and engineers collecting information about existing and developing threats.
According to the Internet Crime Complaint Centre, there were $US1.3 billion ($2.1b) in losses in 2018 due to business email compromise scams. Such scams are a form of email fraud where the attacker masquerades as a C-level or above executive and attempts to trick the recipient into performing their business function for an illegitimate purpose, such as transferring them money.
Email is “one of the most efficient ways an attacker can use to get into systems and access data”, Moros said, pointing to new survey data from Cisco which shows almost three quarters of businesses left the “door wide open without any email security measures in place”.
In addition, 36 per cent of the IT security professionals surveyed said they had dealt with a security incident that manifested as a result of malicious spam being opened by staff, while 27 per cent said they had dealt with a security incident as the result of details stolen from a phishing attack.
This was despite 94 per cent of Australian computer security professionals saying that they found it “extremely, very, or somewhat challenging” to defend user behaviour from cyber-attacks.
“In Australia, only 26 per cent of the chief information security officers surveyed use email security,” Moros said. This is lower than the global average of 41 per cent of organisations using email security.
Cisco’s latest email threat report said there were several possible reasons for this decline.
“One cause could be the move to the cloud,” it said.
In a recent study by Enterprise Strategy Group on behalf of Cisco, more than 80 per cent of respondents reported that their organisation was using cloud-based email services.
As more organisations opt to have their email services hosted in the cloud, they are forgoing the need for dedicated email security appliances. Cisco, which of course supplies such appliances, says “the need for layered protection can’t be stressed enough” because cloud email services, such as Gmail and Outlook, which are used by many enterprises, provide only “basic security features”.
“Email security may seem simple but it’s an essential security layer, especially as hackers find more sophisticated techniques to get into organisations’ systems and compromise business and customer data,” Moros said.
Ben Grubb is a Desk Editor/Locum Homepage Editor for The Sydney Morning Herald.