Inbox security: 13 email threats you need to know about


Today, the vast majority of attacks are mounted via email and rely on individuals opening and dealing with rogue messages. Just a single click can result in a widespread infection that causes problems for hundreds or even thousands of users.

There are 13 different threats that cybercriminals can deliver using email.

  1. Spam: This common threat involves the sending of large volumes of unsolicited emails. Attackers know they only need a small number of users to open the messages for an attack to succeed.
  2. Malware: Cybercriminals deliver documents or files via email that are infected with rogue code. If opened or clicked, this code can infest both the device being used and the wider IT infrastructure to which it is connected.
  3. Data exfiltration: This threat involves the unauthorised transfer of data from a computer to another device. This can be achieved by running code that has been delivered to the computer via an email message.
  4. URL phishing: Phishing attacks involve criminals who set out to obtain sensitive information for malicious use. URL phishing involves directing users to a fake website where they are encouraged to enter their details into a seemingly legitimate form. The technique is also known as fake websites or phishing websites.
  5. Scamming: Using this approach, cybercriminals use fraudulent schemes to defraud users or trick them into providing personal details. Examples can include fake job postings, investment opportunities, or inheritance notifications.
  6. Spear phishing: This threat uses a highly personalised form of email attack. Messages appear to have come from a legitimate source which increases the chances that a user will open or interact with them. This, then, leads to infection or a loss of data.
  7. Domain impersonation: This involves setting up fake domains that are very close in appearance to legitimate destinations. There might be one character different or a different top-level domain (TLD) used to fool users into feeling secure.
  8. Brand impersonation: This threat occurs when cybercriminals impersonate a legitimate business to trick users into revealing details. Users are directed to a site that appears to look like the real thing. However, it is actually being controlled by the criminals.
  9. Extortion: This involves cybercriminals who contact victims via email to tell them they have compromising materials about them. Unless they make a payment, the threat is that these materials will be revealed to the world.
  10. Business email compromise: In these attacks, scammers impersonate an employee within a business to defraud the organisation. This might involve tricking staff into paying a fake invoice or transferring funds to a criminal’s bank account.
  11. Conversation hijacking: This involves a cybercriminal inserting themselves into an ongoing email conversation. Attackers spend time reading through email chains to understand how a business operates and then join a conversation pretending to be a legitimate party. This can result in other users revealing personal details or making false payments.
  12. Lateral phishing: This threat involves an attacker using a recently hijacked email account to send phishing emails to users. Because they come from a legitimate source, it is more likely that users will respond.
  13. Account takeover: This involves a cybercriminal undertaking a type of identity theft. A user account is compromised and used to understand how an organisation operates. Further targeted attacks are then launched. 

Threat protection

Being aware of these types of threats is the first step to guarding against them and the disruption they can cause. Ensure all staff understand each of the threats and what tactics may be used against them.

It’s also important to have in place an email gateway that can block high-volume attacks. This can include stopping spam and phishing emails, thus ensuring they never reach the inboxes of users.
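
Domain impersonation (threat 7 above) relies on a sender domain that differs from a real one by a single character or by its TLD, which is something a mail filter can test for. The following is an added example, not part of the original article: the protected domains, the short suffix sample and the sender addresses used with it are all constructed for illustration.

```python
# Added example: flag sender domains that imitate a protected domain.
# PROTECTED and MULTI_LABEL_SUFFIXES are constructed for illustration.

PROTECTED = {"example.com", "example-bank.co.uk"}  # hypothetical domains the organisation owns
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz"}  # small sample, not a full public-suffix list


def split_domain(domain):
    """Return (name, tld), e.g. 'mail.example.co.uk' -> ('example', 'co.uk')."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    return labels[0], ""


def within_one_edit(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one substituted character
    return a[i:] == b[i + 1:]          # one inserted or deleted character


def classify_sender(address, protected=PROTECTED):
    """Return 'legitimate', 'tld-swap', 'one-character' or 'unrelated'."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    # Exact match or a subdomain of a protected domain is the real thing.
    if any(domain == p or domain.endswith("." + p) for p in protected):
        return "legitimate"
    name, tld = split_domain(domain)
    for p in protected:
        p_name, p_tld = split_domain(p)
        if name == p_name and tld != p_tld:
            return "tld-swap"       # same name, different top-level domain
        if within_one_edit(name, p_name):
            return "one-character"  # name is one character away from the real one
    return "unrelated"
```

Messages classified as `tld-swap` or `one-character` are candidates for quarantine or a warning banner rather than silent delivery.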