Common Email Threat Types How to Dodge Them - Computers Nationwide

Common Email Threats and How to Dodge Cyber Attacks Like a Pro

Did you know that 95% of cybersecurity breaches are caused by human error? Insider attacks remain the largest threats to organizations today. According to Cybersecurity Insiders: 68% of organizations feel moderately to extremely vulnerable to insider attack. That’s a pretty high number.
Does your SMB fall into this category? Have you given your team an extensive cybersecurity awareness training? Are you unsure if your company’s cybersecurity efforts hold a strong enough defense against today’s sneaky, malicious attacks?
Of course, your employees are doing the best they can to be diligent and practice cyber safety – but they are human after all and we make mistakes! So much is at risk when a business suffers from a cyber attack: company data, client data, confidential documents, financial loss, and of course, a massive hit to your reputation.
There are a few key ways to prevent a cyber disaster from striking and to stop hackers in their tracks. The first solution is implementing reliable, cutting-edge cyber security tools. The other equally important solution is education – for business owners and their teams to learn as much as possible about recognizing and avoiding these threats.
“Human error is the most widespread type for security incidents, and the results of such incidents caused by human error generally cost the least to mitigate. Examples of human error are sending sensitive data to the wrong recipient, misconfiguring an environment, and using unsafe work practices. Detecting and remediating an incident caused by employee or contractor negligence costs an average of $310,000.
User training and awareness is a purely administrative activity that increases employees’ awareness of threats. Efficient user training helps to reduce the number of incidents caused by negligence and gives users enough knowledge to recognize and report threats.” Ekran System
Ransomware attacks are becoming more sophisticated. Phishing has evolved. Malware continues to show no mercy. With all of these email threats stacked against SMBs today, it can feel daunting. You’re not alone!

Computers Nationwide is here to help shed some light on common email threats that companies encounter and how your business can dodge cyber attacks. The more we know about our enemies, the better prepared we can be…

Common Email Threat Types How to Dodge Them - Computers Nationwide

Our partners at Barracuda Networks have published a series of helpful educational blogs specifically about this topic: 13 email threat types to know about right now

Email threat type #1: Email scamming. Email scamming is a type of spear-phishing attack designed to steal the identity of the victim or by tricking them into disclosing personal information. Many of these scams include fake invoices, charities, and other schemes meant to lure the victim into sending money to the attacker.

Email threat type #2: URL phishing. A URL phishing attack is an attempt to obtain sensitive information such as usernames, passwords, and other details. In this type of attack, the criminal relies on a “phishing website” to capture these details. These attacks are successful when a victim follows a link to a website and provides whatever information is requested. Normally these links are disguised as password resets or identity confirmations for legitimate services. The website is also disguised so that the victim does not notice that it is a fake website.

Email threat type #3: Extortion. Extortion and sextortion attacks are increasing in frequency and sophistication. The criminal contacts potential victims by email and claims to have compromising video or information that will be released to the public if the victim does not pay to keep it quiet. As ‘proof’ that the criminal has access to this material, the email includes sensitive information that only the victim should know, such as passwords.

Email threat type #4: Lateral Phishing. A recent study revealed that 1 in 7 organizations has experienced a lateral phishing attack. In this type of attack, criminals use recently hijacked accounts to send phishing emails to the victims’ contacts. Lateral phishing tends to have a high success rate because the attacks come from a legitimate email account that is familiar to the victim. Lateral phishing is usually an internal attack, which means that email gateways will not detect this threat. An email security gateway can only stop an attack that passes through it.

Email threat type #5: Brand Impersonation. Brand impersonation is an attack that impersonates a company or brand to hide the malicious intent of an email. The idea behind it is that a recipient will respond and provide sensitive information on the assumption that the email is from a trusted sender.

Email threat type #6: Account Takeover. Account takeover, also known as an ATO or an account compromise attack, is a type of identity theft where criminals gain access to a legitimate user account in order to steal money or sensitive information. Hackers use a variety of tactics to gain access to the account: brand impersonation, social engineering, phishing, credential stuffing, and brute force hacking.

Email threat type #7: Conversation Hijacking. In its simplest form, this attack involves a criminal communicating with a potential victim while impersonating a trusted source. The recent attack on Norfund used multiple instances of this tactic. Once the attackers understood the patterns of Norfund’s communications with potential clients, they were able to impersonate both sides of a conversation. Norfund was receiving fake communications and documents from the client, and the client was receiving fake communications and instructions from Norfund.

Email threat type #8: Domain Impersonation. Domain impersonation, also known as typosquatting, is often used as part of a conversation hijacking attempt. Attackers target legitimate domains, such as by creating domains that appear similar. Such a domain might be accessed by a user typing the legitimate domain incorrectly, either with a misspelling or incorrect top-level domain.

Email threat type #9: Spear Phishing. Spear phishing is one of the most common attacks today. This personalized email attack targets anyone who has access to sensitive information or the ability to send payments, and no company is too small or too large to be a victim. Many people thinking of phishing and spear phishing as the same thing. To be clear, phishing involves sending a generic email message to as many recipients as possible. Spear phishing is a much more personalized attack and normally has a greater payoff if it succeeds.

Email threat type #10: Business Email Compromise. Business email compromise (BEC) has been one of the most damaging email threats in the past few years. Put simply, a BEC attack is an attempt to trick a company or individual into sending money to the criminal. This is done by assuming the identity of a trusted source and crafting an email message with an invoice or other payment request.

Email threat type #11: Data Exfiltration. Data exfiltration, sometimes referred to as data theft, is the unauthorized transfer of data from your computer, network, or other devices. The stolen data is transferred from the victim to a control server or some other device that is controlled by the attacker. This data is often sold on the dark web and used by other criminals for spear phishing, identity theft, and other advanced threats.

Email threat type #12: Malware. Email attacks often come in the form of a harmless-looking email with malware attached as a .zip file or embedded in an email attachment. This malware could install ransomware, spyware, and other damaging programs. Malware is short for ‘malicious software’ and is a general term for many different types of threats to a computer system or network. Viruses, spyware, rootkits, keyloggers, and exploits are all examples of malware.

Email threat type #13: Spam. Spam is unsolicited bulk email messages, also known as junk email. Spammers typically send an email to millions of addresses, with the expectation that only a small number of recipients will respond to the message. Spammers gather email addresses from a variety of sources, including using software to harvest them from address books. The collected email addresses are often also sold to other spammers.

Common Email Threat Types How to Dodge Them - Computers Nationwide
Our friends at Datto share: “Cybercriminals are now looking at vulnerabilities that can be remotely exploited. 59% of MSPs said remote work resulted in increased ransomware attacks and 52% of MSPs reported that shifting client workloads to the cloud came with increased security vulnerabilities.
For any organization using cloud-based collaboration tools like Microsoft 365 OneDrive for Business or Google Workspace, the impact of a ransomware attack can be swift and destructive. It only takes an infected laptop containing files that automatically sync to the cloud to multiply the infection exponentially.
Those newly-infected files sync, then infect and encrypt other files in every connected system – including those of business partners or customers, whose files and collaboration tools will be similarly impacted. This can lead to significant harm to a business’s reputation, lost data, and downtime.”
A word from Webroot: “Cybercriminals certainly didn’t sit 2020 out, but it’s not all gloom and doom. In fact, there were numerous cybersecurity achievements throughout the year that work to the benefit of businesses and individuals everywhere. Security researchers and analysts have been working hard to identify and neutralize new threats the moment they’re encountered.
More businesses are adopting robust backup and disaster recovery plans to remain resilient in the face of downtime, planned or unplanned. Operating systems and web browsers are improving their built-in security to stop threats sooner in the attack cycle. Phishing simulations and security awareness training for employees continue to improve business security postures by major percentages (up to 72%, per the report).
Nations and companies are working together to break down cybercriminal infrastructure. Even malware (for the moment) is trending gently downward. It’s clear from our findings that, with the right backup, training, and security layers working together to form a united defense against cyber threats, businesses and individuals can achieve true resilience, no matter what threatens.”

Clearly, the probability of your organization being infiltrated by an attack is very likely – and the cost can be deadly to any size business, especially SMBs. You may be wondering: What can my business do to protect ourselves from email threats and other bad actors? The answer is twofold…

Step One: Partner with the IT & Cyber Security experts at Computers Nationwide. We’ll evaluate your IT infrastructure to find your vulnerabilities and weak spots. From there, we will implement cutting-edge solutions from our industry leading network affiliates that will serve your business’ unique needs and requirements. Examples may include Managed IT, Managed Cyber Security, Disaster Recovery as a Service, and much more!
Step Two: Conduct a Cyber Security Awareness Training at your workplace. Education is an important addition to your first line of defense. Understand what you can do as a business owner to protect your business from a breach and teach your team the best practices for cyber safety. Not sure where to begin with a cybersecurity training program? Read our recent blog to learn more about end-user training!

Don’t let another day go by worrying that your business is vulnerable to attacks. Let’s be proactive together. 

Whether your workplace needs stronger cyber security, a data protection & recovery plan, or an overhaul to your entire IT infrastructure, Computers Nationwide will provide solutions tailored to the specific needs of your business!

Are you ready to protect your business from cyber criminals?

Let’s connect: (847) 419-9900

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Recent Posts