10 Email Threats Your Employees Should Know

Saxons Blog

Email is one of the most widely used communication channels in the world – however, with the high usage of email comes an increase in email threats. The sole purpose of these threats is to compromise the security of your business and steal sensitive information. We’ll explore 10 email threats that you should be aware of to keep your business protected.

Brand Impersonation

Brand impersonation is a type of email threat where an attacker impersonates a well-known brand or company to trick the recipient. The attacker may create a fake email address that looks similar to the legitimate email address of the brand. The email may contain a link to a fake website where the recipient is asked to enter their login credentials or credit card information, or the impersonator may directly request sensitive information.

Brand impersonation emails can be difficult to detect – and this is by design. Attackers want these emails to look as legitimate as possible. However, there are some red flags to watch out for. Check the sender’s email address and look for any spelling errors or variations in the name of the brand. Hover over any links in the email to see where they lead. If the link looks suspicious, do not click on it. A common entity being impersonated for these scams is Microsoft, often in the form of an email requesting a user to change or provide their password.

Domain Impersonation

Domain impersonation, also known as “typosquatting”, is similar to brand impersonation. Instead of impersonating a brand, however, the attacker impersonates a domain. The attacker may create a fake email address that looks like it is coming from a legitimate domain. The email may contain a link to a fake website where the recipient receives a prompt to enter their login credentials or sensitive information.

Like brand impersonation, domain impersonation emails can be difficult to detect. However, there are some things you can do to protect yourself. Check the sender’s email address and look for any spelling errors or variations in the name of the domain. Hover over any links in the email to see where they lead.

Business Email Compromise

Business email compromise (BEC) is a type of email threat where an attacker impersonates a company executive or employee to trick the recipient into transferring money or sensitive information. BEC attacks can be difficult to detect because they are highly targeted and often use social engineering tactics. To protect yourself from BEC attacks, be suspicious of any email that asks you to transfer money or provide sensitive information. Verify the identity of the sender by calling or emailing them directly, using contact information from a trusted source.

Account Takeover

Account takeover is a type of email threat where an attacker gains access to a user’s email account and uses it to send malicious emails. The attacker may use the user’s email account to send phishing emails or spread malware. Furthermore, account takeover can be difficult to detect because the emails appear to be coming from a legitimate source.

To protect yourself from account takeover, use strong passwords and enable two-factor authentication. Be suspicious of any emails that ask you to provide sensitive information or click on a link.

Extortion

Extortion is a type of email threat where an attacker threatens to publish sensitive information or images unless the recipient pays a ransom. The attacker may claim to have obtained the information or images through a data breach or by hacking into the recipient’s computer or phone. It should be noted, however, that in many extortion email scams the nefarious party does not actually have any sensitive information.

To protect yourself from extortion, do not respond to any emails that threaten to publish sensitive information or images. Report the email to the appropriate authorities and seek legal advice.

Lateral Phishing

Lateral phishing is a type of email threat where an attacker uses compromised email accounts to send phishing emails to other users within the same organisation or to the compromised account’s contacts. The attacker may use the compromised email account to send a phishing email that appears to be coming from the user. As with many other email scams, verify the identity of the sender by calling or emailing them directly to see if the request is authentic.

URL Phishing

URL phishing is a type of email threat where an attacker sends an email that contains a link to a fake website. The website may look like a legitimate website, but it is actually designed to steal sensitive information. These attacks are successful when a victim follows the email link to the malicious website and provides whatever information the website requests. Often, these links are disguised as password resets or identity confirmations for legitimate services.

To protect yourself from URL phishing, hover over any links in the email to see where they lead. If the link looks suspicious, do not click on it. If you must enter sensitive information, make sure that the website is secure and that the URL starts with “https”. Keep in mind that “https” only means the connection is encrypted; phishing sites can use it too, so also confirm that the domain is the one you expect.

Spear Phishing

Spear phishing is an attack similar to phishing, but one where attackers send highly targeted emails to specific individuals or groups, as opposed to the generic messages seen with ordinary phishing. In addition, the spear phishing email may contain information that is specific to the recipient, such as their name or job title. The attacker may use social engineering tactics to trick the recipient into providing sensitive information or clicking on a link.

To protect yourself from spear phishing, be suspicious of emails that ask you to provide sensitive information or click links. Verify the identity of the sender by calling or emailing them directly, using contact information from a trusted source.

Conversation Hijacking

Conversation hijacking is a sophisticated type of email threat. Here, attackers use a compromised email account to intercept and reply to ongoing email conversations. The attacker may use social engineering tactics to trick the recipient into providing sensitive information or clicking on a link.

To protect yourself from conversation hijacking, be suspicious of any emails that ask you to provide sensitive information. Verify the identity of the sender by calling or emailing them directly, using contact information from a trusted source.

Spam

Spam is a type of email threat where an attacker sends unsolicited emails to a large number of recipients. The emails may contain links to fake websites or malware. Spam can be annoying and time-consuming to deal with.

To protect yourself from spam, use spam filters and do not respond to any unsolicited emails. Report any spam emails to the appropriate authorities.

 

Email threats are a serious concern for businesses and individuals alike. By being aware of the different types of email threats and taking steps to protect yourself, you can reduce the risk of becoming a victim. Remember to always be suspicious of any email that asks you to provide sensitive information or click on a link. Verify the identity of the sender and use strong passwords and two-factor authentication to protect your email account. 
