Despite today’s rapidly evolving technology landscape, email remains the #1 tool of choice for business communication due to its reliability and convenience. Anyone with basic computer skills can comprehend and use email quickly and effectively. However, this ease of usage means email is a serious target for cyberattacks.
This article will explain the most common types of email attacks and highlight some signs to watch out for in a possible email attack.
Types of Email Attacks to Watch Out For
Today, the email threats faced by organisations vary greatly in complexity, volume, and impact. Successful email attacks can potentially lead to data breaches and additional cyberattacks for businesses worldwide. Here are the types of email attacks businesses have encountered:
Email Phishing
Email phishing remains one of the most widely-used attack types to date. Users receive emails from malicious actors with a message incorporating some kind of social engineering tactic to create a sense of immediacy, leading people to either click on a link or download an attachment.
If it’s a link, users will be taken to a suspicious website that either steals credentials or installs malware on a user’s device. If it’s an attachment to be downloaded such as a PDF, they will have malicious content stored in them that installs the malware once the user opens the document.
How to identify email phishing:
- Inaccurate information: Phishing attacks typically involve the impersonation of a legitimate organisation so the contact information will be spoofed. Check for things like misspellings or a sender email address that has the wrong domain.
- Malicious code: Look out for any signs of suspicious coding in downloads or links. This is made to trick Exchange Online Protection (EOP).
- Shortened links: Avoid clicking on any shortened links, which are used to fool secure email gateways.
- Fake brand logo: Sometimes, the message may include real-looking logos for further authenticity. Review these logos because they may contain malicious HTML attributes.
- An image and very little text: Ignore these kinds of emails because the image might be hiding malicious code.
Spear Phishing
Spear phishing is a highly personalised form of phishing scam. Cybercriminals target specific individuals within the organisation and craft carefully designed messages, often assuming real names or job functions, to make the recipient think the email is coming from someone inside the organisation.
Information used in the message is usually taken from published or publicly available sources like the company’s social media accounts or official website to sound more legitimate. Cybercriminals also take advantage of social engineering tactics to increase the likelihood of success.
Spear-phishing emails aim to steal sensitive information, such as login credentials or financial details. With this access, the cybercriminal can commit fraud, identity theft, and other crimes. Since the target recipient believes this is an internal email, he/she takes the action requested in the phishing email.
How to identify spear phishing:
- Abnormal request: Be cautious of internal requests from people in other departments that seem unusual for their job function.
- Links to a shared drive: Do not immediately open any links to documents stored on shared drives like Google Suite and Office365. This may redirect you to malicious websites.
- Password-protected documents: Be careful when inputting a user login ID and/or password to access protected documents because this may be an attempt to steal your credentials.
Malware
In many reported cases, users have received emails with attached documents containing malicious code, also known as malware. The malware is usually hidden somewhere in the document itself or, when the user clicks the document to open it, an embedded script downloads the malware from an external website.
Nowadays, malware encompasses a wide range of viruses, Trojans, spyware, worms, and ransomware. These sophisticated attacks are evolving at an alarming rate. They can impede day-to-day operations and result in financial losses from downtime. Additional costs may also be incurred from ransom payments, recovery costs, and other unanticipated expenses.
Related topic: How to Prevent Ransomware Attack and Avoid Data Loss
Domain Impersonation
This is an attack vector often used by hackers whereby a fake website impersonates an established domain through techniques such as typo-squatting. Typo-squatting involves replacing one or more letters in a legitimate email domain with a similar letter or adding a hard-to-notice letter to the legitimate email domain.
For example, an attacker wanting to impersonate primaryguard.com would use a very similar URL:
- primary-guard.com
- primarguard.com
- primeryguard.com
- primaryguarrd.com
To be almost identical to the original domain, an attacker could even change the top-level domain (TLD) – using .net or .co instead of .com – to trick victims:
- primaryguard.net
- primaryguard.co
Domain impersonation requires some preparation beforehand, however. Cybercriminals must register or buy the impersonating domain. If the differences between the legitimate email domain and the impersonated one are too subtle to pick up, this could be a high-impact attack that goes unnoticed.
Business Email Compromise (BEC)
In BEC attacks, hackers may either impersonate or hijack a real employee’s account to steal money from the company, its other employees, or customers. This attack is mainly focused on personnel with access to the company’s finances or employees’ personal records, tricking individuals into performing wire transfers or disclosing sensitive information.
Since these attacks use compromised accounts that are familiar to people within the organisation, the hacker does not need to deploy malware or fake websites to trick people into paying or sending money. As the impersonated employee, the hacker provides new account details for the wire transfer.
Whaling/CEO Fraud
Whaling, or “whale phishing”, is a more specific kind of BEC attack. Attackers explore a company’s website to find the name of its CEO or another senior executive and then impersonate that person using a similar email address. They will then send emails to employees within the organisation, asking for a money transfer or request that the recipient review a document.
How to identify whaling:
- Abnormal request: If your company’s CEO or senior leadership has never made contact with you before, be cautious of taking the requested action.
- Not a work-related email: Make sure that any request that comes in is sent from a work email address and not from a personal one.
- Inaccurate email address: The sender’s email address may have some extra or missing letters, i.e., “primaryguarrd.com”.
- Social engineering tactics: The sender puts a lot of pressure or stresses urgency on the recipient’s next action(s).
- Requesting money or sensitive information: Most whaling messages will either include the sender’s request for a wire transfer or sharing of sensitive information.
Protect Your Accounts with Multi-Factor Authentication
Since many types of email attacks often attempt to steal user credentials, implementing multi-factor authentication for all your accounts can help mitigate this risk. Requiring users to provide a secure password or use an approved device (ex. an authentication app on a phone) every time they log into your networks, systems, and applications is taking a step towards better data protection.
Check out Primary Guard’s services for Access Control Management today.