The best place to hide a book is in a library. The ideal place to hide a leaf is in the forest. And the best way to hide a suspicious email? In plain sight. Email fraud is now so common that most internet users are aware of basic hacker tricks, such as frequent misspellings and suspicious links. Yet even so, phishing emails are a top point of entry for ransomware, making up 54 percent of digital vulnerabilities in 2020.
But what about the email security threats that aren’t as common? These types of threats can be even more successful because they aren’t as well known.
Here are six hidden threats to corporate email, some of which you may have heard of or thought about, and others you perhaps haven’t.
1. Unintentional acts by authorized users – Email security threats aren’t always intentional. Sometimes they come from well-meaning employees who simply make a mistake. Authorized users may accidentally send sensitive information via email to someone they trust (or to someone impersonating a person they trust), potentially exposing the organization to risk, including damage to its brand reputation. That’s why it’s so important to train users on what types of information should and should not be shared through specific channels like email.
2. Improper management controls – Having properly defined management security controls is crucial for any organization. These controls could include company-wide security policies and processes, change control and configuration management, scheduled risk assessments, contingency planning, and recurring annual or twice-yearly training for all employees, among other safeguards. Without these safeguards, employees are at risk of social engineering attacks like phishing, whaling, or ransomware.
3. Ransomware – Ransomware email messages contain or point to a common hacker tool: malware. This particular type of malware is designed to encrypt files and documents. Once the files are encrypted, the attackers contact the victim and demand payment to restore access to the locked information. Ransomware may be less common than other social engineering attacks, but it can have hefty consequences. It is never advisable to pay the ransom. Instead, work with law enforcement and cybersecurity experts.
4. Authentication attacks – Sometimes a hacker’s target is the email inbox itself. In an authentication attack, hackers attempt to break an email server’s authentication and gain direct access to the email messages and attachments stored on that server. They can then do whatever they want with that information. That’s why it’s important to ensure your authentication methods are rock-solid.
5. Whaling – You’ve probably heard about phishing, a type of social engineering in which hackers pretend to be from reputable companies so that they can encourage unsuspecting victims to give up personal or sensitive corporate information. But have you heard of “whaling”? While hackers may not be choosy about who they target, scammers who “whale” set their sights higher, targeting high-level executives in corporate organizations. And they do their research. Whaling often relies on publicly available information, such as social media profiles, to build credibility with the target. See our recent blog for more details on how to combat this common threat.
6. DDoS and bot attacks – Email security can be a war zone. With malicious bot and DDoS attacks, hackers can use hijacked botnets to send huge volumes of email to an organization with the goal of crashing the email server through system overload. Typically, web servers are the target at B2C (business-to-customer) organizations that generate eCommerce sales, whereas at other organizations the email server is the more common target, as this is where sensitive corporate information about sales and other matters changes hands. This is where spam filtering becomes increasingly important.
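Threats 4 and 6 above both leave a trail in the mail server’s own logs: repeated failed logins against mailbox authentication, and a flood of inbound connections from a single source. The script below is an added example, not code from the original post or from any vendor, showing how a defender can triage such a log offline. The log lines are constructed and only loosely modelled on Dovecot/Postfix syslog output (the exact format, the host name `mx1`, the IP addresses and the thresholds are all assumptions), and it flags sources that cross a sliding-window threshold of failed logins (distinguishing a single-account brute force from a multi-account password spray) or of inbound connections.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (hypothetical, loosely modelled on Dovecot/Postfix syslog
# lines; not copied from a real server). 203.0.113.x is a legitimate user with one
# typo, 198.51.100.7 sprays several accounts, 192.0.2.50 floods the SMTP listener.
SAMPLE_LOG = [
    "Mar 03 09:00:01 mx1 dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.10",
    "Mar 03 09:00:03 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, rip=203.0.113.10",
] + [
    f"Mar 03 09:00:{10 + i:02d} mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<{u}>, rip=198.51.100.7"
    for i, u in enumerate(["bob", "carol", "dave", "erin", "frank", "bob"])
] + [
    "Mar 03 09:01:00 mx1 postfix/smtpd[1234]: connect from mail.example.org[203.0.113.25]",
] + [
    f"Mar 03 09:02:{i:02d} mx1 postfix/smtpd[1234]: connect from unknown[192.0.2.50]"
    for i in range(25)
]

TS_RE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2})")
AUTH_FAIL_RE = re.compile(r"auth failed.*?user=<([^>]*)>, rip=(\d+\.\d+\.\d+\.\d+)")
CONNECT_RE = re.compile(r"connect from \S+\[(\d+\.\d+\.\d+\.\d+)\]")


def parse_events(lines):
    """Turn raw log lines into (kind, timestamp, source_ip, user) tuples.

    Syslog timestamps carry no year, so strptime defaults to 1900; only the
    differences between timestamps matter here, so that is harmless.
    """
    events = []
    for line in lines:
        ts_match = TS_RE.match(line)
        if not ts_match:
            continue  # not a syslog-style line; ignore
        ts = datetime.strptime(ts_match.group(1), "%b %d %H:%M:%S")
        fail = AUTH_FAIL_RE.search(line)
        if fail:
            events.append(("auth_fail", ts, fail.group(2), fail.group(1)))
            continue
        conn = CONNECT_RE.search(line)
        if conn:
            events.append(("connect", ts, conn.group(1), None))
    return events


def exceeds_window(timestamps, threshold, window_seconds):
    """True if at least `threshold` events fall inside any `window_seconds` span."""
    ts = sorted(timestamps)
    for i in range(len(ts) - threshold + 1):
        if (ts[i + threshold - 1] - ts[i]).total_seconds() <= window_seconds:
            return True
    return False


def find_auth_attacks(events, max_failures=5, window_seconds=60, spray_users=3):
    """Flag sources with a burst of failed logins (threat 4, authentication attacks).

    A burst against many distinct accounts is labelled a password spray; a burst
    against one or two accounts is labelled a brute force.
    """
    stamps_by_ip = defaultdict(list)
    users_by_ip = defaultdict(set)
    for kind, ts, ip, user in events:
        if kind == "auth_fail":
            stamps_by_ip[ip].append(ts)
            users_by_ip[ip].add(user)
    findings = []
    for ip, stamps in stamps_by_ip.items():
        if exceeds_window(stamps, max_failures, window_seconds):
            pattern = "password spray" if len(users_by_ip[ip]) >= spray_users else "brute force"
            findings.append({"source": ip, "failures": len(stamps),
                             "users": sorted(users_by_ip[ip]), "pattern": pattern})
    return sorted(findings, key=lambda f: f["source"])


def find_connection_floods(events, max_connects=20, window_seconds=60):
    """Flag sources opening too many SMTP connections in a short window (threat 6)."""
    stamps_by_ip = defaultdict(list)
    for kind, ts, ip, _ in events:
        if kind == "connect":
            stamps_by_ip[ip].append(ts)
    return sorted(ip for ip, stamps in stamps_by_ip.items()
                  if exceeds_window(stamps, max_connects, window_seconds))


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for finding in find_auth_attacks(evts):
        print(f"{finding['pattern']} from {finding['source']}: "
              f"{finding['failures']} failures against {finding['users']}")
    for ip in find_connection_floods(evts):
        print(f"connection flood from {ip}")
```

The thresholds are starting points, not tuning advice: a single mistyped password from a known user (alice above) stays below the limit, while the sliding window catches a burst regardless of where it falls in the hour. In production the same logic would feed a SIEM rule or fail2ban-style blocking rather than a print statement.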