Email is a very popular channel for business communication. Large troves of valuable and often important information are sent via email. However, email is not only a popular communication channel and a tool for work data exchange. Email services pose large amount of threats to business processes and are very often used for conducting cyber crimes as well.

Let’s have a closer look at typical email security threats.

Typical email threats and how to counter them

There is a number of different security threats, referring to email services usage, we will focus on some of the most typical ones:

• Domain spoofing
• Malware distribution
• Ransomware distribution
• Phishing

Most successful and efficient attacks are usually conducted when a few methods are implemented at once. 

Domain spoofing

This technique is used for tricking users in order to make him/her believe that, an email or a phishing site is legitimate, while it is not actually. In order to achieve their aim, intruders fake a website name or email domain. 

Malware and ransomware distribution

Emails often contain some links or files. Of course, it is typical if an employee receives some work document sent by a colleague or counterparty, for example.  However, quite often such links or attachments do not refer to work tasks and pose a great risk to users and organizations. Interaction with malicious files and following suspicious links may result into infection of a PC or even the whole infrastructure. Malware harms computers or networks and include, but is not limited to:

• Trojans
• Computer viruses
• Spyware
• Worms

Ransomware, in turn, is a kind of malware which blocks access to data and encrypts it. If a user wants to get the data back, he or she is forced to pay a ransomware.

Phishing

One of the most wide-spread security threat is phishing. Phishing has a lot of various forms, however, its main aim is to trick a user and make him/her to take some action. 

There are large-scale phishing campaigns which distribute relatively generic phishing emails to a large number of potential targets.

Another typical form of phishing is spear phishing, when individuals are very specifically targeted. This makes it much more difficult to defend against such kind of attack. Spear phishing emails are well-prepared in order to convince the victim that the message is legitimate. Such attacks’ targets quite often turn out to be high-profile users, chosen by intruders due to their job position, especially if their responsibilities also entitles them to conduct payments in any form.

It is worth noticing that a lot of phishing emails can be intercepted by appropriate monitoring systems, as they significantly mitigate the risk of security threats.

Recently, such functionality was added to the SearchInform DLP .

You may book a free 30-day trial here. However, it is of crucial importance that employees stay aware in security related issues. Organizing theoretical lessons, practical seminars, occasional phishing attack simulations, as well as implementation of specific training courses should help.