The Four Biggest Email Threats Your Business Faces Today
- by Brittany Day
Guardian Digital has identified more phishing emails in May of 2020 than in any month prior in the company's twenty-year history - here’s what you need to know to stay safe online in this time of uncertainty that has become the new business norm.
Email plays a more pivotal role in business operations than ever, and is by far the most popular attack vector among cybercriminals. Research shows that 95% of cyberattacks begin with a spear phishing email. The FBI has warned multiple times of complex COVID-19 related business email compromise (BEC) scams exploiting businesses' increased reliance on cloud email, misconfigured cloud platforms, and email users’ anxiety surrounding this crisis, and has emphasized the importance of fortifying cloud email with critical additional defenses.
In this article, we’ll examine the top exploits targeting cloud email users and explain how to protect against each of these threats.
Breaking Down the Four Most Significant Threats to Cloud Email Users
Email Threat #1: Phishing
Phishing campaigns are highly effective and easy for attackers to carry out - so it is no surprise that this notorious attack involving fraudulent communications which appear to come from a trusted source has dominated the email threat landscape for over a decade. Phishing campaigns leverage trust to gain access to sensitive credentials or to install malware on the target’s device.
Phishing attacks are on the rise, increasing by an astounding 65 percent and convincing 76 percent of business to take the bait in 2019. Modern phishing scams employ sophisticated social engineering techniques to manipulate psychology - making these attacks highly difficult to detect and avoid.
How To Protect Your Business From Phishing:
Combating phishing requires safeguarding the inbox against human error with multiple layers of intuitive, real-time protection. Defense-in-depth is crucial to staying ahead of social engineering and impersonation attacks - antivirus software and spam filters alone are no longer able to keep pace with cybercriminals’ sophisticated tactics. By thoroughly scanning all attachments and links for malicious code, our solution provides complete end-to-end phishing protection.
We’ve also assembled a list of tips and best practices to help you defend against phishing.
Email Threat #2: Ransomware
Ransomware has become one of the most widespread and well-known email-borne threats - these attacks have crippled governments worldwide and consistently dominate security news headlines. This dangerous type of malware is designed to block access to a computer system until specified ransom is paid to the attacker. A ransomware attack has the potential to shake a business to its core with significant downtime, recovery costs and often the loss of critical data.
Cloud systems like Office 365, Dropbox and Google are unprepared to safeguard users against emerging ransomware variants - and businesses are literally paying the price. More organizations than ever are getting hit with ransomware (often of the same type) multiple times. When it comes to ransomware, the cost of preventing this growing threat is significantly less than the cost of dealing with the unpleasant aftermath of an attack.
How To Protect Your Business From Ransomware:
The majority of ransomware is delivered via a phishing email - making effective phishing protection critical in safeguarding against ransomware. Ensure that you have an advanced cloud email security solution in place that analyzes the contents of every email delivered in real-time, scanning all attachments for ransomware and other malicious code.
Here is a list of other tips and best practices we’ve put together to help you defend against ransomware.
Email Threat #3: Email Account Compromise (EAC)
How certain can you be that the emails delivered to your inbox are really from who they say they’re from? Cyber thieves are employing social engineering techniques, phishing attacks, and other tricks to compromise email accounts and deceive victims into making a fraudulent financial payment. The email account compromise (EAC) scam works by compromising one account, then using the trust established between that account and those associated with that account to steal credentials that can be used to compromise other email accounts and coerce targets into unknowingly wiring funds to the attacker.
EAC is very difficult to recognize and highly dangerous due to the fact that in this scam malicious emails are typically sent directly from the compromised account owner’s computer, which has been authorized to send mail as that user. As a result, these fraudulent emails are not identified and flagged by any sender authentication protocols that the account owner has implemented.
How To Protect Your Business From EAC:
With an advanced, reliable email security solution in place, businesses can eliminate EAC risk - safeguarding their employees, their clients and their reputation. Combating EAC requires sophisticated methods that go beyond the implementation of traditional sender authentication protocols. Look for a solution that analyzes sender-recipient relationships, tracks domain reputation and age and uses intelligent filters to evaluate email headers, email content and envelope attributes.
Here are some other tips and best practices for preventing EAC.
Email Threat #4: Business Email Compromise (BEC)
Business email compromise (BEC), which describes an exploit in which an attacker obtains access to a corporate email account and sends fraudulent emails under the identity of the account owner in order to steal money, has generated losses of $26 billion worldwide. In addition to financial loss, a BEC attack can result in data theft and the obliteration of hard-earned client trust. Steve Baker, International Investigations Specialist for the Better Business Bureau (BBB), explains: “Businesses don’t want to talk about it; they’re embarrassed and don’t want to look vulnerable. But ask just about any organization and they’ll probably tell you they’ve received an email attempting some version of this fraud.”
How To Protect Your Business From BEC:
Similar to defending against EAC, preventing BEC attacks requires a multi-layered approach to security that includes the use of advanced sender authentication standards and protocols as part of a comprehensive cloud email security solution. We acknowledge the sophistication and complexity of this dangerous scam, and partner with each of our clients to understand the key people within their organization, their critical assets and their company’s operations in order to provide the level of protection required to combat BEC and other modern threats to business email.
Here is a list of some additional tips and best practices for preventing BEC.
For more advice on how to stay safe online in this frightening time, subscribe to our weekly Behind the Shield newsletter.
Stay safe, healthy and secure online!
- Effectively Securing Business Email Accounts: Are Employees the Weakest Link?
- Encryption: An Essential Yet Highly Controversial Component of Digital Security
- Business Email Security Redefined: Key Benefits of Securing Your Business Email with Guardian Digital
- 8 Business Email Security Best Practices
- Demystifying Email Encryption: Stop Sender Fraud
- Demystifying Phishing Attacks: How to Protect Yourself Now
- Demystifying Tax Fraud: How to Avoid Falling Victim to Deceptive, Costly Scams This Tax Season
- Coronavirus Phishing Scams are On the Rise - Is Your Business Email at Risk of Infection?
- Dave Wreski: Founder of Guardian Digital – Open Source Cloud Email Security
- New Ransomware Warnings: Is Your Business Safe from This Silent Threat?
- FBI: Existing Cloud Email Protection Inadequate Against Phishing, Ransomware
- Email Risk is Universal: Securing Business Email in Every Industry Sector
- How To Safely Navigate Office 365 While Working Remotely
- Tips and Advice for Staying Safe Online During COVID-19
- Why Your Business Needs Better Email Security
- Defending Against COVID Email Spoofing Attacks with DMARC
- You’ve Got Mail: How To Tell If It’s Fraud
- Open-Source Security Is Opening Eyes
- Think Like A Criminal: How To Write A Phishing Email
- The Four Biggest Email Threats Your Business Faces Today
- Everything On DocuSign Phishing Attacks in 3 Minutes
- Understanding Payload-Less Email Attacks in Under 3 Minutes
- Demystifying Fileless Malware in Less than 3 Minutes
- How to Protect Sensitive Data & Maintain Client Trust in Financial Services Industry
- Exchange Servers Are Vulnerable - Learn How To Secure Your Email Server Now
- Apache SpamAssassin Leads A Growing List of Open-Source Projects Taking Steps to Correct Instances of Racism and White Privilege
- Cyber Risk Is Greater than Ever in the Legal Industry
- Understanding Malicious URL Protection - And Why You Need It to Secure Your Email
- Email Security for SMBs Beyond COVID-19
- Email Risk Is BIG for SMBs - How To Protect Your Business Now
- Email Threats By The Numbers: How Big Is My Risk?
- The Modern Email Threat Landscape: Where Traditional Defenses Fall Short
- Why Email Security Is More Important Than Ever in This 'New Reality'
- The Threat of CEO Fraud Extends Beyond the C-Suite
- Top Email Security Trends Putting Your Business at Risk of Attack
- Think Like A Criminal: What You Need to Know About Social Engineering Attacks in 2020
- Managed Services: A Key Element of Effective Email Security that Even Modern Solutions Lack
- How To Secure Your Remote Workforce: Advice from Leading Security Experts
- FBI: The 2020 Presidential Election Is Under Attack by Email Scammers
- AT&T Security Researchers Identify a Correlation between Strong Cybersecurity and Business Success
- The Aftermath of a Cyberattack Pt. 1: Phishing Recovery Basics
- It Pays to be Prepared! Ransomware Preparedness & Recovery Basics
- Breaking Down Fileless Malware: Anatomy of an Attack
- Office 365 Email Is Vulnerable to Attack Without These Critical Supplementary Defenses in Place
- Your Current Approach to Email Security May Not Be Enough
- Ways to Prevent Email Account being compromised in a Breach
- Celebrating 20 Years of Revolutionizing Digital Security
- IBM Closes its $34 Billion Acquisition of Red Hat
- Interview with Security Expert and Author Ira Winkler
- What is Phishing Email? How to prevent Phishing email scams?
- Ways Our Business Email Exceed Your Expectations
- Spear Phishing Protection - Definition & How To Recognize Spear Phishing Email
- What is Whaling (Whaling Phishing)? & How to Prevent Whaling attacks?
- Ransomware Attack Explained - Best Practices For Ransomware Protection
- Business Email Compromise (BEC) - Definition & Prevention From BEC Attacks
- Wire Transfer Scams Involving Real Estate Transactions: How to Prevent Fraud with Effective Email Security
- Guardian Digital and Mautic: A Dynamic Open-Source Duo
- Email Malware - How to Recognize & Prevent Malware Email Attack
- An Open-Source Success Story: Apache SpamAssassin Celebrates 18 Years of Effectively Combating Spam Email
- What is Spam Email - Types & How to Prevent Spam Emails?
- Email Virus - Complete Guide to Email Viruses Plus Best Practices
- What Is A Zero-Day Attack & How To Prevent Zero Day Exploit?
- 2020: A New Decade of Digital Threats - Is Your Business Email Secure?
- Linux: An OS Capable of Effectively Meeting the US Government’s Security Needs Heading into 2020
- Email Security: Complete Guide on Email Protection & Types of Email Threats
- Guardian Digital Keeps its Customers Protected from Intel Design Flaw
- Security Spotlight: Open Source Email Security Solutions
- Top Six Advantages of Open Source Development/Products
- Python and Bash - Contenders for the most used scripting language
- Guardian Digital Outlines Top 4 Benefits of Choosing Cloud
- Unrivaled Protection Against Today’s Most Dangerous Threats
- Guard Your Email Accounts Against Today’s Most Dangerous Threats
- Security Highlights from Defcon 26
- Linux / Open Source FAQs: Common Myths / Misconceptions
- Email Security FAQs Answered by Guardian Digital
- Guardian Digital Mail Systems: Designed to be Secure Without Fail