Glossary of Email Threats - Email Security
As 91% of all cyber-attacks start through email, we’ve put together a list of the most common email threats that businesses should be aware of:
Spam
Unsolicited junk mail that is sent to a mass distribution as a form of commercial advertising. This is often for dubious products and get-rich-quick schemes. Fortunately, this is nowadays generally well defended against.
Phishing
An email which falsely claims to be from a legitimate enterprise in order to obtain sensitive information, for example usernames, passwords or financial information. This is often used for malicious purposes. From a business perspective, phishing has largely been overtaken by more targeted spear-phishing.
Spear-phishing
For businesses, spear-phishing represents the most pressing danger due to its highly targeted and sophisticated nature. Spear-phishing attacks target specific individuals within a target organisation. They often refer to targets by their names and positions, using clever social engineering tactics. Consequently, recipients are convinced to download malicious attachments or click on links to malware-laden or credential-stealing websites.
Viruses
Code sent via an email attachment which, if activated, can destroy files on your computer. It can also potentially resend the attachment to everyone in your address book. Fortunately, these are a diminishing threat for businesses thanks to anti-virus software. They do, however, still target home computers.
Malware
Short for malicious software, this generic term relates to software designed to cause damage to your computer or steal information. It includes viruses, spyware and ransomware.
Ransomware
A type of malware that prevents or limits users from using their systems until a ransom is paid. More modern crypto-ransomware, such as Cryptolocker, encrypts files on infected systems. It subsequently forces users to make an online ransom payment to get a decryption key.
Whaling
Derived from a big “phish” analogy, and also known as impersonation attacks, these targeted attacks are particularly threatening. Cyber-criminals use social media sites, such as LinkedIn, to gather information and disguise themselves as the CEO, CFO or other senior executive. They then target a lower-level member of the organisation, often a controller or someone in HR, and convince them to initiate a wire or data transfer. A key part of the scam is to make the target react to the perceived power of the impersonated executive.

In conclusion, email threats are becoming increasingly sophisticated. Moreover, the cost of these data breaches is increasing. Improving the IT security of your systems has therefore never been more important. For more information, read our recent post, “How secure is your email?”, or simply give us a call.