7 Top Types of Email Threats

Email offers hackers a vehicle to deliver a variety of threats to an organization. Some of the more common email-borne threats to be aware of include:

Spam

Emails are used to deliver spam, or unsolicited messages, which can clog inboxes and network resources, diminish business productivity, and increase operational costs.

Spear Phishing / Whaling

In this variant of phishing, key IT/networking individuals or company execs are targeted using malware-laced emails appearing to come from a trusted source, in an effort to gain access to internal systems and data. Over 90% of cyber-attacks start with a successful phishing campaign.

Malware

Email is one of the top delivery mechanisms for known and unknown malware, which is typically embedded in email attachments in the hope that the attachment will be opened or downloaded onto a computer or network, thereby allowing hackers to gain access to resources, steal data, or crash systems.

Phishing

This common hacker tactic utilizes emails with embedded links to hacker sites. When gullible users visit these sites, they’re prompted to enter PII (Personally Identifiable Information) that is in turn used to steal identities, compromise corporate data, or access other critical systems.

Ransomware

Ransomware is an evil form of malware. Once the email attachment is activated, the code embeds itself on a network and usually encrypts or locks files and systems that are critical to the organization. The hackers then demand an extortion fee to have the files or systems decrypted or unlocked. Email is the preferred vehicle to deliver ransomware, either through infected attachments or malicious URLs.

Outbound Email Hijacking

Corporations are also subject to corporate policies and government regulations, which hold businesses accountable for their outgoing emails and for ensuring they protect their customers’ PII. Zombie attacks and IP hijacking can disseminate customer PII, ruining the reputation of a business.

BEC / CEO Fraud / Impostor email

Over the past few years, Business Email Compromise (BEC) schemes have caused at least $5.3 billion in total losses to approximately 22,000 enterprises around the world, according to the latest figures from the FBI.*

The FBI defines Business Email Compromise as a sophisticated email scam that targets businesses working with foreign partners that regularly perform wire transfer payments.

(*): https://www.ic3.gov/media/2016/160614.aspx

How to Recognize Email Threats

Email threats come in many different forms, and the tactics used are constantly changing as the battle between the attackers and security protectors continues to rage. Below are some recent examples of email threats.

Example 1:

Clue #1: In the SPAM email (to the right) the attackers have inserted a fake Display Name using the targeted company’s domain name followed by “administrator”, trying to make it look official.

Clue #2: This email had been correctly tagged as SPAM by our SPAM filter (notice the ~ symbol at the beginning of the Subject line).

Clue #3: The user reported that they never use the Microsoft Edge browser.

Clue #4: Hovering over each link shows a popup revealing where the link will take you if clicked. These links would take you to a website hosted in Luxembourg.

Never click on a link without knowing first where it will take you if clicked!

Example 2:

Clue #1: This email is trying to pressure the recipient into making a rash decision due to its proposed urgency.

Clue #2: Hovering over each link shows a popup revealing where the link will take you if clicked. This email has a malicious link which differs from the displayed link.

Clue #3: The majority of phishing emails are generated from foreign countries and often contain grammatical errors.

Example 3:

Clue #1: This email is trying to pressure the recipient into making a rash decision due to its proposed urgency of a package not being delivered.

Clue #2: Hovering over each link shows a popup revealing where the link will take you if clicked. This email has a malicious link which differs from the displayed link.

Clue #3: If you already have an account with a company, chances are you already have a shortcut saved to their website. If you were not expecting an email containing a link to access your account, it is always best to use your own saved shortcuts.

NOTE: Malicious websites can be built to look just like the site you think you are going to. Always verify the domain of the site you are on, paying close attention to the spelling of the domain, before entering any credentials.

Example 4:

Clue #1: The Display Name ([email protected]) does not match the email domain it was actually sent from ([email protected]). Display Names are easy to mask, but only authenticated accounts can send emails. However, attackers often use compromised accounts to send from.

Clue #2: This email is trying to pressure the recipient into making a rash decision due to its proposed urgency of their bank account being closed and losing their balance and all interest earned.

Clue #3: Hovering over each link shows a popup revealing where the link will take you if clicked. This email has a malicious link which differs from the displayed link.

NOTE: If you already have an account with a company, chances are you already have a shortcut saved to their website. If you were not expecting an email containing a link to access your account, it is always best to use your own saved shortcuts. Malicious websites can be built to look just like the site you think you are going to. Always verify the domain of the site you are on, paying close attention to the spelling of the domain, before entering any credentials.

Example 5:

Clue #1: The sending email is not from your email hosting provider. Our email notifications come from the elshosted.com domain.

Clue #2: The majority of phishing emails are generated from foreign countries and often contain grammatical errors.

Clue #3: Hovering over each link shows a popup revealing where the link will take you if clicked. This email has a malicious link which differs from the displayed link.

Clue #4: This email is trying to pressure the recipient into making a rash decision due to its proposed urgency of their unread emails being deleted in less than 48 hours.

Example 6:

Clue #1: The sending email address is not from DocuSign. A quick domain search reveals that the dedoho.com domain is from Indonesia.

Clue #2: Hovering over each link shows a popup revealing where the link will take you if clicked. This email has a malicious link which does not point to a DocuSign domain.

Clue #3: The majority of phishing emails are generated from foreign countries and often contain grammatical errors.
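
Two of the clues above can be checked automatically: a Display Name that names a different domain than the real sending address (Examples 1 and 4), and a link whose displayed text names a different domain than its actual target (Examples 2 through 6). The following Python is an added example, not part of the original page; the sample header, the sample HTML and all `.example` / `.invalid` domains are constructed placeholders, and the function names are hypothetical.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the page); .example/.invalid names are placeholders.
FROM = '"support@bank.example" <billing@mailer.invalid>'
HTML = ('<p>Log in: <a href="http://login.lookalike.invalid/x">'
        'https://www.bank.example/login</a></p>'
        '<p><a href="https://www.bank.example/help">Help centre</a></p>')
DOMAIN_RE = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def shown_domain(text):
    """Domain a reader would see in an address or URL string, else None."""
    m = DOMAIN_RE.search(text.rsplit("@", 1)[-1])
    return m.group(1).lower().removeprefix("www.") if m else None

def same_site(host, shown):
    # Exact or subdomain match; a Public Suffix List check would be stricter.
    host = host.lower().removeprefix("www.")
    return host == shown or host.endswith("." + shown)

def display_name_mismatch(from_header):
    """Return (claimed, actual) when the display name names another domain."""
    display, addr = parseaddr(from_header)
    claimed, actual = shown_domain(display), addr.rpartition("@")[2].lower()
    return (claimed, actual) if claimed and not same_site(actual, claimed) else None

def link_mismatches(html):
    """Return (shown, real host) for links whose text names another domain."""
    collector = LinkCollector()
    collector.feed(html)
    pairs = ((shown_domain(t), urlparse(h).hostname or "") for h, t in collector.links)
    return [(s, host) for s, host in pairs if s and not same_site(host, s)]
```

A match on the sending domain does not prove the message is legitimate, since, as noted in Example 4, attackers often send from compromised accounts.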