Common Enterprise Email Threats
The routine office work of enterprises relies heavily on email services. While many enterprises prefer their own email services, use of free email services is not uncommon. However, whether internal or external, emails can be a vehicle for multiple types of malware, including ransomware, phishing attacks, social engineering attacks, etc.
Statistics from 2017 highlight the evolution of phishing attacks, a fourfold growth in spam emails, the infection of one in every 131 emails, and more than 400 enterprises targeted by business email compromise (BEC) scams.
The heavy reliance of enterprises on email services, combined with the increase in associated threat vectors, makes it important for enterprise staff to be aware of some basic email threats and non-technical guidelines.
Common Attack Vectors and Strategies
Attackers rely on several common strategies for targeting people through email:
- Emails with infected attachments. Emails with malicious attachments can infect victim systems by downloading keyloggers, ransomware or other types of malware.
- Fraudulent/malicious links inside emails. Attackers can send links to malicious websites in order to perpetrate further attacks.
- Social engineering to compel transactions. Victims can be coerced to send sensitive information, such as login credentials or credit card details, in reply to an email or through some other link in the malicious email.
Popular email threats can fall under the following categories:
- Ransomware: Ransomware attacks normally start with a malicious email infecting a victim computer and encrypting its data. The malware then spreads over the network.
- Phishing: Phishing uses emails to entice victims into providing sensitive information.
- Spear phishing: Unlike general phishing, spear phishing targets specific people. Because attackers craft spear phishing emails after extensive research to make them look real, they can be very effective, even against security-conscious individuals.
- Spoofing: In such emails, the sender’s address is disguised by the attacker to impersonate a trusted contact of the victim. Despite precautionary measures, such as email headers, email spoofing is still often successful and, therefore, is used by attackers quite commonly.
- Man-in-the-middle attacks: Attackers can eavesdrop on email communication and, in some cases, steal sensitive information.
- Business email compromise (BEC): Such emails appear to be initiated from a superior and ask an authorized individual in the organization to perform financial transactions or other important tasks. The overall success of such attacks lies in social engineering.
- Spam: Unwanted emails for marketing and advertising purposes are quite common and, in spite of filtering, can still find their way into an inbox. While most spam is only irritating, some may contain malware as well.
- Keyloggers: Keylogging can be one of the initial steps to a devastating data breach. Keyloggers are often delivered via email and are downloaded and installed when a victim clicks a malicious link or attachment in an email.
Some Safety Tips
- Beware of impersonated senders. Emails that appear to come from trusted friends and colleagues may not actually be from them. Rather than just trusting display names, make sure to check actual email addresses too.
- Refrain from clicking unknown links. Do not test links in emails by clicking on them, especially if an email is from someone unknown or the content seems suspicious.
- Pay attention to any spelling mistakes. Most malicious emails have spelling mistakes and poor grammar. In contrast, because well-established brands, multinational companies and banks are typically particular about email content, legitimate emails from such senders would be highly unlikely to contain spelling or grammatical mistakes.
- Distrust vague salutations. Because malicious emails are typically generated for multiple users, their salutations are often vague and generic. Legitimate emails should not address the recipient as “Valued Customer.”
- Avoid emailing personal information. Companies do not ask for personal information via emails. Such requests should be presumed to be malicious.
- Question any “urgent” or “emergency” emails. Malicious emails are often designed to create a sense of urgency when asking for personal information or for the recipient to click on some malicious link. Do not get intimidated by lines such as “Your account has been suspended.”
- Look for contact details. Legitimate emails from companies should always have information for telephonic contact. The lack of such details suggests malicious intent.
- Do not open unexpected attachments. When you are not expecting an attachment, do not open it. Malicious emails with attachments often use eye-catching and tempting titles for attachments.
- Be skeptical. If an email has raised your suspicion flag, despite a seemingly safe display name or brand logo, trust your gut feelings. Use other means to communicate with senders of suspicious emails to determine truth and authenticity.
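The first tip above (check the actual address, not just the display name) can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it inspects the From and Reply-To headers for three impersonation signs. The staff directory, the domains and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumption: a directory mapping staff display names to their real addresses.
DIRECTORY = {"alice chen": "alice.chen@example.com"}
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def sender_findings(raw_message: str) -> list[str]:
    """Return reasons the From/Reply-To headers look like impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []

    # 1. Display name is a known colleague, but the address is not theirs.
    known = DIRECTORY.get(" ".join(display.lower().split()))
    if known and known != addr:
        findings.append("display-name-mismatch")

    # 2. Display name itself shows an address that differs from the real one,
    #    which mail clients that hide the address will present as the sender.
    embedded = ADDR_IN_TEXT.search(display)
    if embedded and embedded.group(0).lower() != addr:
        findings.append("address-in-display-name")

    # 3. Replies are diverted to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rpartition("@")[2] != domain:
        findings.append("reply-to-domain-differs")
    return findings

# Constructed sample messages (not real traffic).
LOOKALIKE = ('From: "Alice Chen" <alice.chen@examp1e-mail.test>\n'
             "Subject: Urgent wire transfer\n\nPlease pay today.")
EMBEDDED = ('From: "alice.chen@example.com" <billing@invoices.test>\n'
            "Reply-To: pay@other.test\nSubject: Invoice\n\nSee attached.")
GENUINE = ('From: "Alice Chen" <alice.chen@example.com>\n'
           "Subject: Minutes\n\nNotes from today.")

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("embedded", EMBEDDED),
                      ("genuine", GENUINE)]:
        print(name, sender_findings(raw))
```

A clean result only means the headers are self-consistent; it does not prove the message is authentic, so the remaining tips still apply.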
Email services are essential for routine enterprise work. However, too many threats are linked to email. Email users must remain cognizant of prevailing threats and take necessary safeguards.
About the Author
He has been recently recognized as one of the 40 under 40 by The Armed Forces Communications and Electronics Association for his significant contributions in the field of science, technology, engineering and math (STEM).