Why worry about Email Security?
Email is the entry point for the largest number of cyber threats. An email attack happens when a malicious actor targets your email address with the intention of gaining information, gaining illegal system access, or funneling money directly. We are still just halfway through the year, and the monetary losses attributed to email attacks for this half have already crossed multiple millions. Email attacks target both individuals and organizations. So, whether you are an aware citizen looking to learn more about email-borne cyber threats or an organization looking to fortify its email security, this blog is for you. It lists several types of email threats you should be aware of.
9 Dangerous Email Threats
1. Spam
There’s power in numbers. This is sadly also true for email attacks. Cybercriminals send spam emails in bulk to several victims at once. They can profit from the percentage of users who engage with the spam emails. But more often, spam is used to lay the groundwork for launching other types of email attacks. Spam mails are almost always unsolicited and are likely to repeat multiple times (for as long as the cybercriminal runs his or her campaign). This is different from the promotional outbursts from companies you know you are dealing with. You can just unsubscribe from those mails and your problem is solved. Spam is different in that you did not request a newsletter or consent to promotional content. Don’t hurry to unsubscribe, as even the subscription landing pages are botched.
Safety tip: Ignoring spam is the best policy, and installing anti-spam filters on your email works best.
2. Email Viruses
Email viruses are pieces of damaging code spread through emails. They usually rely on user interaction with the email. Viruses often hide behind innocent-looking files which, once you download them to your machine, get deployed through batch files. Viruses may also exit your system by creating backdoor accounts, which are basically invitations for other threats to attack your system.
Safety tip: Viruses typically reside in Word or other Office documents. They may appear locked for editing. Do not enable editing, as the event will trigger batch files to parse the code macros.
3. Email Spoofing
Spoofed emails use email headers to mask the true origin of the email. The sender address looks legitimate on the surface but is in fact different from what it appears. Email spoofing generally targets decision makers in the company. In an attack called CEO impersonation, a spoofed email apparently coming from the CEO will often instruct someone in the finance department to release funds into a designated bank account. Spoofed emails can be caught with multiple sign-offs and well-defined payment release processes. Do not interact directly with such emails, but rather verify with an actual person first.
Safety Tip: DMARC can be used to identify and stop domain name spoofing attacks. It instructs the receiving server on how to deal with the spoofed email domain. Spoofed emails will surely urge you to maintain secrecy. For example, while asking for funds, a spoofed email will say something like, ‘Don’t disclose this information to your peers.’ This is a warning sign. Immediately alert your superiors or the actual person supposedly sending the email.
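An added example (not from the original post) of what a DMARC policy tells a receiving server: the Python sketch below parses the TXT record a domain publishes at `_dmarc.<domain>` and reports what it requests for mail that fails the DMARC check. The `example.com` records and the function names are constructed for illustration.

```python
# Added example: reading a DMARC policy record (tag names per RFC 7489).
# Both records below are constructed samples for the reserved domain example.com.
WEAK = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"

# Action a receiver falls back to for failing mail not sampled by pct=.
WEAKER = {"reject": "quarantine", "quarantine": "normal delivery"}


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def failing_mail_disposition(txt: str) -> str:
    """Describe what the record asks a receiver to do with mail failing DMARC."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    pct = int(tags.get("pct", "100"))
    if policy == "none":
        # Monitoring only: reports are sent, spoofed mail is still delivered.
        return "deliver (monitoring only)"
    if pct < 100:
        return f"{policy} {pct}% of failing mail; remainder: {WEAKER[policy]}"
    return f"{policy} all failing mail"


if __name__ == "__main__":
    for record in (WEAK, STRONG):
        print(record, "->", failing_mail_disposition(record))
```

A record with `p=none` only collects reports, so a domain is not protected against spoofing until the policy is raised to `quarantine` or `reject`.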
4. Phishing
Phishing attacks use subject lines and lucrative offers through emails to bait their victims. The victim is asked to click a link and fill out a form on a phishing website, where their credentials are captured. You lose your sensitive financial and authentication information to a fraudster if you interact with a phishing email.
Safety tip: You often hear action heroes say, “I have a nose for trouble.” It is true of anyone. You can train yourself to smell a phishing email threat (it won’t smell like an actual fish, though). When you read about enough cases and have an all-round awareness of security, you can make out patterns in an email that can alert you to trouble.
5. BEC Attacks
These are attacks that target companies that are prone to dealing with remote and offsite payments. An attacker patiently monitors your email communication and absorbs your email mannerisms. Then, when the time is right, the attacker injects himself or herself into the conversation and impersonates a regular employee, asking either for payments or credentials. These attacks do not use links or attachments to deploy malicious code.
5.1. Display Name Spoofing
The spoofed email displays the name of a trusted person but the actual email address behind it is incorrect. This is distinct from regular email spoofing in that it is not always someone impersonating a high-placed executive in your company. It can be friends, co-workers, business partners etc. This type of attack does not always ask for a money transfer but can also ask you to interact with a fraudulent link, a document, or any other attachment.
Safety tip: Fortify the communication policies within your organization. Spot errors in emails that are unnatural for someone who is supposedly at such a high rank (a CEO would not make silly grammatical errors). If you get an inkling of an attack going on, alert all personnel and do an organization-wide password update.
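An added example (not part of the original post) of how a mail filter could flag display name spoofing as described above: it compares the display name in the From header against a directory of trusted people and checks that the address behind it is the expected one. The directory, the name "Priya Nair", the messages and the function names are all constructed for illustration.

```python
# Added example: flag a trusted display name shown over an unexpected address.
import unicodedata
from email import message_from_string, policy

# Constructed directory: normalized display name -> that person's real address.
TRUSTED = {"priya nair": "priya.nair@example.com"}

# Constructed sample messages.
GENUINE = "From: Priya Nair <priya.nair@example.com>\nSubject: Q3 report\n\nAttached.\n"
SPOOFED = "From: PRIYA NAIR <priya.nair@example.net>\nSubject: Urgent\n\nOpen this link.\n"
# Same display name hidden in an RFC 2047 encoded-word.
ENCODED = "From: =?utf-8?q?Priya_Nair?= <accounts@example.net>\nSubject: Invoice\n\nSee file.\n"


def normalize(name: str) -> str:
    """Fold case, Unicode width variants and spacing before comparing names."""
    name = unicodedata.normalize("NFKC", name or "")
    return " ".join(name.casefold().split())


def display_name_spoofed(raw_message: str, trusted=TRUSTED) -> bool:
    """True when From shows a trusted name over an address that is not theirs."""
    # policy.default decodes encoded-words and exposes parsed Address objects.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None:
        return False
    for sender in header.addresses:
        expected = trusted.get(normalize(sender.display_name))
        if expected is not None and sender.addr_spec.lower() != expected:
            return True
    return False


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("encoded", ENCODED)):
        print(label, display_name_spoofed(raw))
```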
6. Ransomware
Ransomware enters your system through an email and encrypts all your files. It is malware that locks you out of your own system. The attacker will leave a note as a text file, asking for money in return for the decryption key. This is the costliest form of malware attack yet, as it forces you to pay money directly.
Safety tip: Read our guide on Ransomware Protection.
7. Zero-Day Attacks
Security holes in software are nothing new. What matters is the developer’s sincere effort in providing security patches, time and again, for all the bugs in the code. However, sometimes users don’t meticulously download and apply application patches, leaving a security hole open for any hacker to exploit.
Safety tip: Be very alert for security updates. Update your applications as soon as the developer releases a patch. If there is an option to auto-configure updates, use it; don’t be put off by the fact that you might have to restart your machine due to it. The irritation is worth the security. Implement this policy across all machines in your organization.
8. Account Take Over
ATO attacks occur when a threat actor gains illegal access to an account. ATO can take help from phishing for this or use guesswork to get the passwords of an employee. The damage done using ATO is limitless. It’s as good as giving someone the key to your house and leaving for a vacation. You will be robbed of everything you have.
Safety tip: Never use the same password for two different accounts. We would like to say the brain is the best tool for storing passwords, but that is impractical. If you store passwords in a file, encrypt it. A piece of paper might not be the best place for credentials. Change your passwords every once in a while. Employ multifactor authentication.
9. Keyloggers
Keyloggers are malicious programs that enter your system when you download a phishing attachment. They are instructed to monitor your keystrokes and report back to a server, possibly at midnight (00:00 on the clock) when other processes are likely stopped. Keyloggers can record your passwords and other security credentials as you enter them.
Safety tip: A potent antivirus tool can detect keyloggers. If you sometimes use your phone for quick logins, consider getting an anti-virus tool that spans across all your devices.
10. BONUS – Social Engineering
We can’t exactly count this among email threats on its own; rather, it is an attack construction method that cybercriminals base their attacks on. It relies heavily on the social aspects of online communication. An attacker will patiently study every aspect of your communication, right from the decision hierarchy to the busy times when your company is used to sending a lot of invoices and sensitive data. These attacks employ psychological tricks so that the attacker can ‘become’ an employee of your organization and blend into your email stream. These attacks don’t depend on your interaction with an email. So, however wary you remain of phishing emails, it won’t help. Invoice frauds are an excellent example of social engineering attacks.
Reading Resources: Prevent Social Engineering Attacks.
Safety tip: Strengthen your security fabric by opting for 3rd party email security services that nip such attacks in the bud.
Logix provides total security against email threats through its Cloud Email ATP solution. Prevent all modern email attacks and get assured support too!