The Most Dangerous Email Threats and How to Stop Them
Email is the most prominent form of business communication, so email security is paramount for every organization. Cyber threats are constantly evolving and becoming more effective. From phishing to blackmail, email plays a part in many business-related cyber-attacks. Worldwide, almost $18,000 is lost every minute to phishing attacks over email.
Business organizations and especially nonprofits are far more likely to receive fraudulent and malware-laden emails than individuals, according to a report from Google. Email security has therefore become an essential piece of business cyber security. In this article, we explore the most dangerous email threats along with the most effective defensive strategies to prevent them.
Just like regular spam, malware emails are usually sent to large groups of people. Over 90% of malware is delivered via email. Perpetrators attempt to trick users into downloading dangerous software, which might allow them to remotely control the user’s computer or exfiltrate data. Some extremely sophisticated attackers even use zero-day exploits to compromise users who do not download the software, instead taking advantage of bugs in the email client or the browser itself.
The most effective way to reduce the impact of malware is using email filtering gateways that scan email before it reaches the inbox, to identify and block malware files or exploits.
Phishing is a relatively broad category of threats that all involve tricking people into entering sensitive information into an attacker-controlled site. Some phishing attacks are targeted to an individual (spear phishing), while others are sent to a large group of people. There are a variety of phishing attacks being used by cybercriminals:
To perform a URL phishing attack, a cybercriminal impersonates a legitimate entity by placing a link to a fake site in a real-looking email. If the user clicks on the link and enters sensitive data, like a password or confidential information, the attacker will acquire that information.
As with malware, email filtering gateways are an effective strategy to protect against URL phishing. AI classifiers in these gateways do a good job of detecting phishing emails. Some systems can even rewrite or sandbox links in emails to identify threats and protect users even after the email has been received. Additionally, many corporate web filters can block phishing websites, preventing compromised users from entering information or accessing sites with poor reputations.
Unlike generic URL phishing, spear phishing is personalized to one individual. This type of phishing might impersonate a trusted boss or coworker or a specific company that a user has interacted with recently. Spear phishing is usually combined with sophisticated social engineering to trick even the most careful users.
In general, spear phishing is more difficult to automatically protect against. Analytics on historical email data can be used to analyze the attack pattern of a spear phishing attack, in order to block future attacks of a similar nature. In addition, employee education plays a major role in protecting against targeted phishing.
Lateral phishing is where the attacker compromises one user’s email account and then uses it to attack other users. Unlike business email compromise, something we’ll get into later in this article, lateral phishing requires compromising a user’s actual email account, not just pretending to be them.
Account takeover is a more advanced and difficult-to-detect threat. Attackers use traditional spear phishing to compromise a user’s account. When they acquire the user’s credentials, the attacker can monitor the types of emails sent and received on the company network to better assist in lateral phishing attacks. While this is the most difficult attack to pull off, it is also the most potentially destructive.
Artificial Intelligence (AI) inbox defense is the only good way to protect against lateral phishing attacks. By analyzing patterns and historical information, this kind of protection can best defend against these sophisticated attacks.
In an impersonation attack, a hacker pretends to be a business or individual. Impersonation is used to add legitimacy to phishing and spam emails. Here are some examples of impersonation attacks:
In conjunction with URL or spear phishing, attackers might register domains that look similar to a trusted service in an attempt to trick users who check the address bar. Common techniques include using domains with subtle misspellings of common company names or using different TLDs (like .net instead of .com, for example).
In general, up-to-date phishing site block lists and AI inbox protection can protect against this technique. Through analysis of historical data, AI inbox defense can find anomalies from domains in previous emails to stop an attack before it happens.
Well-recognized companies should also consider purchasing variations on their own domain name before hackers do, to prevent phishing attacks on their customers.
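The misspelled and TLD-swapped domains described above can be caught by comparing each sender domain against the domains an organization already trusts. The following is an added example, not code from the original article or from any product it mentions; the trusted list, the sample senders and the edit-distance thresholds are assumptions chosen for illustration.

```python
# Added example: flag sender domains that imitate a trusted domain.
# TRUSTED and SAMPLE_SENDERS are constructed for illustration.
TRUSTED = {"microsoft.com", "paypal.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(sender):
    """Return (verdict, imitated_domain) for an address or a bare domain."""
    domain = sender.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return ("unknown", None)
    # Assumption: the last two labels form the registrable domain. A real
    # deployment should use the Public Suffix List (e.g. for co.uk).
    name, tld = labels[-2], labels[-1]
    if f"{name}.{tld}" in TRUSTED:
        return ("trusted", f"{name}.{tld}")
    for trusted in sorted(TRUSTED):
        t_name, _t_tld = trusted.split(".")
        if name == t_name:  # same name, so only the TLD differs
            return ("tld-swap", trusted)
        # Allow one edit for short names, two for names of 8+ characters.
        limit = 1 if len(t_name) < 8 else 2
        if edit_distance(name, t_name) <= limit:
            return ("misspelling", trusted)
    return ("unknown", None)

SAMPLE_SENDERS = ["billing@microsoft.com", "security@micros0ft.com",
                  "support@paypal.net", "it-help@rnicrosoft.com",
                  "news@contoso.org"]

def scan(senders):
    """Map each suspicious sender to its verdict; trusted/unknown are skipped."""
    results = {s: classify(s) for s in senders}
    return {s: v for s, v in results.items() if v[0] in ("tld-swap", "misspelling")}

if __name__ == "__main__":
    for sender, (verdict, target) in scan(SAMPLE_SENDERS).items():
        print(f"{sender}: {verdict} of {target}")
```

Tight thresholds keep false positives down, but unrelated domains with short, similar names can still match, so flagged senders are best routed to review rather than silently dropped.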
Brand impersonation is a staple of nearly all phishing attacks. Attackers use brand assets (designs, logos, etc.) to make their emails look legitimate. An e-book by Barracuda Networks reports that 56% of brand impersonation emails attempt to impersonate Microsoft.
AI inbox protection uses an API-based architecture to analyze historical email information to accurately identify this type of phishing email and block it before it hits the inbox. In addition, businesses should make an effort to protect their own branding assets from usage in a phishing attack.
One of the most effective impersonation techniques used in spear phishing is business email compromise. In fact, these kinds of attacks caused $1.77 billion in damages in 2019, according to the FBI. Instead of impersonating a company or service, attackers impersonate a high-level manager or trusted coworker.
In 2019, the City of Burlington, Ontario, was defrauded to the tune of $503,000 when they were convinced to change the account information for a vendor to whom they were issuing large payments.
These attacks are difficult to prevent with traditional stateless email filtering. However, AI-based protection may be able to stop them before they happen.
Similar to traditional blackmail with paper-based mail, this email threat requires the attacker to convince a victim that the attacker knows some embarrassing or sensitive information about them. Most blackmail emails are sextortion schemes, where the scammer claims to have a video of the victim in a compromising position, threatening to share it with others unless the victim pays up.
While most of these emails are relatively unsophisticated and can be stopped with regular email filtering, AI-based defense can be more effective.
The Best Email Defense
Protecting against today’s increasingly advanced email threats requires powerful technology. A combination of a gateway or filtering system and AI email protection is the best way to defend against modern attackers.
Here at Outsource IT we use Barracuda technologies such as the Email Gateway and Sentinel AI Email Defense to protect the email inboxes of our clients and lower their risk of exposure to devastating email threats. To learn more about our email defense best practices, contact your Outsource IT account manager today.