Protection against email threats is a significant concern for cybersecurity in business. Email attackers use many tactics to send malware, steal sensitive information, or manipulate employees to become victims and cause enormous financial damages to their companies.
And since an attack on email security comes in many forms, it is essential to know the top 6 email threats your business needs to worry about to be successfully protected.
Phishing attacks are email scams that use deception and social engineering to ‘bait’ company employees into providing sensitive business information, like login data or bank account details.
The email seems like entirely legitimate communication sent from a trusted colleague inside the company or a genuine business partner. It manipulates the recipient into clicking a link that opens an attachment which contains a virus that distributes malware. One of the best protection against phishing is surveillance of network communication.
2. Spear Phishing
Spear phishing is an advanced form of phishing that instead of spamming multiple email accounts, targets specific individuals inside an organization. Cybercriminals use extensive background research on the employee to create a highly customized email that appears to be coming from a reliable co-worker, department manager or business partner.
Once victims are hooked, they can even be persuaded to share company information with the scammer freely.
3. Business Email Compromise (BEC)
Business Email Compromise is an advanced social engineered email attack that targets high-ranking company officers who have clearance to perform financial transactions. Cybercriminals impersonate the CEO and send the email to a member inside the organization requesting an immediate wire transfer, direct deposit or other forms of payment to a specified account.
An FBI announcement revealed that this type of attack was responsible for a $5.3 billion loss among US companies, making it one of the most dangerous threats to email security.
Spoofing emails deceive company employees to think the fraudulent communication is coming from a reliable source by sending emails from seemingly legitimate email addresses or domain names. A spoof email may trick the recipient by disguising the email (e.g. john@greatbusiness vs. john@greatbusness).
Protection against email threats like this requires advanced email authentication procedures to be in place at the company, as well as awareness on the different squatting domains (close enough domains to fool the recipient - e.g. firstclassbank.com vs. fistclassbank.com)
5. Malware and Ransomware
Registered malware and, specifically, ransomware are commonly delivered during email attacks like phishing. Once you open an attachment or click on a link - directly from the email, or within a fake website you have been directed to, malware is installed on the computer. Ransomware, in particular, attacks the computer system by encrypting and blocking access to data, demanding actions in order to restore access. Other forms of Malware are able to steal credentials and other information, damage the system and spread around in the network (“worms”). Access restores after you pay the ransom demand.
6. Directory Harvest Attacks
Directory harvest attacks (DHA) are email threats used by spammers to access the email address database from the company domain. Once cybercriminals are inside the directory, they can also obtain a company’s commercial information, combine it with another form of attack, like phishing or BEC, and inflict even more financial damage to a company.
AnubisNetworks offers business email protection that can increase business communication security and integrates with any existing architecture. Our Email Protection Service for enterprises provides you with reliable inbound/outbound filtering and control that raises the protection against email threats to highly secure levels at your organization.
Author: Rui Serra
With degrees in Computer Engineering and Marketing, Rui started his career managing training documentation for IT Training and consulting firms. He then joined Nokia Siemens Networks as a Documentation Specialist and Project Scrum Master before joining AnubisNetworks in 2009, where he has advanced from managing documentation to Product Manager for the growing Product Portfolio.