Why Some Emails Are So Easy for Scammers to Fake

Emails purportedly sent by health insurance companies and large banks are more likely to be fraudulent than those claiming to be from social media companies, a new research study reveals.

An email that appears to come from a health insurance company is four times more likely to be fraudulent — or two times more likely from a large U.S. bank — than an email ostensibly from a social media company like Facebook, according to Agari’s 2015 study.

Agari, which provides solutions to detect and prevent cyberattacks, analyzed 6.5 billion emails daily last year in nine industries for the study.

The study should make consumers and organizations more aware of the security of their email data and “how they can protect themselves from fraud,” says Patrick Peterson, Agari’s CEO.

The health care industry, which has been hit with massive cybersecurity attacks, has the worst average TrustScore of all industries surveyed, the study says. A TrustScore, based on a zero-to-100 scale, indicates how well organizations protect their consumers from email cyberthreats.

Get everything you need to master your credit today.

Get started for free

The poor TrustScores of health care companies are in line with an FBI warning last year. According to Reuters, the agency warned health care providers that their cybersecurity systems are lax compared to other sectors, making them vulnerable to hackers targeting American citizens’ medical records and health insurance data.

In February, Anthem, the nation’s No. 2 health insurance carrier, was struck by a cyberattack that exposed sensitive data of up to 80 million customers in all 50 states.

Last July, Community Health Systems, the nation’s second-largest for-profit health system, confirmed that information about 4.5 million patients was stolen in a cyberattack believed to have originated in China.

Agari’s study reports that six of 14 major health insurance companies surveyed had a TrustScore of zero. Aetna, though, was an exception. It had a 100 TrustScore in last year’s third and fourth quarters — “remarkable for a company in any sector,” the study says.

Banks Ranked Low

Email attackers targeted banks and other financial institutions more than any other types of company in 2014, but every category of bank surveyed had a low average TrustScore, the study says. The study looked at large and mega banks in the USA and mega banks in Europe.

“European megabanks, whose customers are some of malicious emailers’ most common targets, fared especially poorly,” the study says. They had a TrustScore of 33, the second-lowest of nine industries surveyed.

Large American banks had the third-lowest TrustScore, 36, and American megabanks scored 46. Two U.S. banks — Chase and Capital One — had perfect 100 scores.

Most companies haven’t implemented technology to prevent “cyber criminals from sending messages that appear to come from their domains — a failure that leaves customers vulnerable to phishing attacks,” the study concludes.

The emails from cyber criminals trick people into sharing sensitive information, “leading to identity theft and other crimes,” the study says. “Because victims of phishing attacks often blame the companies they thought sent the forged emails, the attacks also erode the trust companies spend years building with customers.”