Cybercriminals love email for most of the same reasons legitimate sales and marketing professionals do. An email campaign requires little technical expertise and can be conducted at a low cost through an abundance of online services. Any individual or business in the world with a public email address can immediately be sent an unsolicited message regardless of prior contact.
The mechanics of email also make it easy for criminals to obscure their identity or impersonate another with a few simple tricks, as well as leading victims directly to malicious files or sites.
All this means email is likely to stay as one of the threat actor’s weapons of choice for the foreseeable future. However, the way email is weaponized has changed a great deal over the years, and the events of 2020 in particular shifted and accelerated several trends.
Businesses need to be aware of the ways malicious emails are evolving to ensure their defenses…