2017 saw a long list of email attacks: spear phishing, whaling, phishing, scams, email impersonation and more. A wide range of email-related attacks was prevalent in 2017, and 2018 is expected to be even crazier. Yahoo lost 3 billion users' records from an email hack. The problem is that email hacks are easy, cheap and scalable because the barriers to phishing via mail are too low.
Social engineering has come a long way, from an imposter sending mails that look like genuine account-reset mails from mail servers, to posing as a friend on social media. Given that people tend to use the same passwords for multiple accounts, once the attacker gets hold of a password, the damage can be immense.
Another major problem is that email providers are reluctant to encrypt emails on their servers, since their business models run on scanning users' emails and sending targeted ads. Encryption can help massively in reducing email scams, since access to the content is limited to the sender and the receiver; even the popular messaging service WhatsApp does end-to-end encryption.
Some trends
- Email authentication will be more mainstream. Authentication, especially for cloud services, will become more prevalent, and hence the authentication of email messages will see a change.
- Webmail clients will start signaling whether an email has been authenticated or not, which will enable the receiver to check the original sender of the mail.
- Standard email authentication policies will be implemented, like the DMARC issued by the Department of Homeland Security in the US.
- A much higher rate of socially engineered attacks: according to a report, the rise in phishing attacks from Q2 to Q3 in 2017 was close to 74%. Business email compromise will hit the $9 billion mark.
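One way a mail client could derive the authenticated/not-authenticated signal mentioned in the trends above, shown as an added example that is not from the original article or from any particular webmail product. It reads the `Authentication-Results` header (RFC 8601) and trusts only the copy stamped by the receiver's own mail server; the host name `mx.example.net`, the function names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of our own border MTA

def auth_results(raw_message, authserv_id):
    """Return {method: result} taken only from headers our own MTA added."""
    results = {}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        value = " ".join(header.split())          # unfold continuation lines
        serv, _, rest = value.partition(";")
        parts = serv.split()
        if not parts or parts[0].lower() != authserv_id:
            continue  # stamped by another host: the sender may have forged it
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*(\w+)", clause, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results

def indicator(raw_message, authserv_id=TRUSTED_AUTHSERV):
    """Map the DMARC verdict to the badge a client would show next to the sender."""
    verdict = auth_results(raw_message, authserv_id).get("dmarc")
    if verdict == "pass":
        return "authenticated"
    if verdict == "fail":
        return "failed"
    return "unverified"   # no trusted verdict: show no positive badge

# Constructed sample messages (not real traffic).
GENUINE = ("Authentication-Results: mx.example.net;\n spf=pass smtp.mailfrom=bank.example;\n"
           " dkim=pass header.d=bank.example;\n dmarc=pass header.from=bank.example\n"
           "From: Support <support@bank.example>\nSubject: Statement\n\nbody\n")
SPOOFED = ("Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=evil.example;"
           " dmarc=fail header.from=bank.example\n"
           "Authentication-Results: mail.attacker.example; dmarc=pass header.from=bank.example\n"
           "From: Support <support@bank.example>\nSubject: Reset your account\n\nbody\n")
FORGED_ONLY = ("Authentication-Results: mail.attacker.example; dmarc=pass\n"
               "From: Support <support@bank.example>\nSubject: Hi\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("forged", FORGED_ONLY)]:
        print(name, indicator(raw))
```

The check assumes the border MTA removes any inbound header that already carries its own authserv-id, so a sender cannot pre-stamp a passing verdict under the trusted name.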
Some email services that are already encrypted:
- ProtonMail- free, open source and encrypted email provider
- CounterMail- offers a thoroughly secure implementation of OpenPGP encrypted email in the browser
- Hushmail- with Hushmail you can send mails to both users and non-users, and it provides state-of-the-art encryption to its servers.
Email is the most fundamental form of business communication and evidently the most exploited one. There is an urgent need to make the entire process more reliable by authenticating and encrypting it, and we will likely see that change in 2018.