Email is a top vector for cybercriminals to breach your organization. In fact, email-borne attacks are responsible for more than 93% of breaches, according to Verizon's Data Breach Investigations Report. Before you can properly defend against such threats, you need to understand their nature.
Here are three of the latest email threats facing your organization and what you can do to fight them.
Most people tend to associate email threats with traditional phishing, which leverages links to fake web pages to steal users’ credentials. But lately, advanced malware attacks have stolen the spotlight, and their capabilities are expanding. New forms of malware go beyond banking trojans, which are designed to steal money when a user accesses a corporate or personal bank account. They can steal credentials, mine cryptocurrencies, and even choose what payload to deliver based on where the victim is in the world or what is on their computer.
In any type of email malware attack, people are the trigger nearly 100% of the time. They must open the email and click on the attachment, enable a macro within a document, or click on a link and enter their credentials for the attack to succeed.
An effective email threat defense should:
- Continually assess local and global IP addresses to determine whether to accept an email connection
- Identify and block potentially malicious content through multiple forms of detection, including static, behavioral, and protocol analysis
- Inspect every URL, as it is clicked, to make sure that it does not contain malicious content
- Provide detailed threat intelligence and forensics to security teams
2. Payload-Free Threats
Emails without attachments or links can still be dangerous. Their aim is to fool the recipient into disclosing sensitive information or carrying out fraudulent activities like unauthorized bank transfers. Email fraud or BEC (Business Email Compromise) cost businesses more than $12.5 billion from October 2013 to May 2018, according to the FBI. And these email threats are hard for most security products to detect.
The best defense against email fraud is to use a tool that:
- Analyzes a wide variety of email attributes, such as sender/recipient relationship and sender reputation
- Conducts the analysis in a language-agnostic manner
- Quarantines incoming email separately to avoid end users falling victim through an email digest
3. Spoofed and Lookalike Domains
Unless you have the proper email authentication protection implemented, it’s very easy for cybercriminals to spoof the domains you own and send a seemingly legitimate email on your company’s behalf. When a recipient sees a “From” address they recognize, they may click on malicious email links and go to copycat sites, or worse yet, reply to the email and start a conversation with the fraudster. Attackers also register lookalike domains to trick the recipient into trusting an email. Both of these tactics are often combined with a spoofed display name, which adds another implied layer of trust for the recipient.
An effective email fraud defense system can accurately detect who is sending email on an organization’s behalf so legitimate senders can be authorized and fraudulent emails blocked, as well as providing actionable intelligence about registered lookalike domains. This type of system, built on top of email authentication, provides a full view of inbound and outbound email traffic. Check out Proofpoint’s Email Authentication Kit to learn more.
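The lookalike-domain and display-name tactics described in this section can be screened for on the From header alone. The Python sketch below is an added example, not Proofpoint's code; the owned domain, protected name, confusable-character table and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample values (assumptions): your real domains and the names
# of staff who are likely impersonation targets go here.
OWNED_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"jane doe"}

# Common visual substitutions, folded to one form before comparing domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def skeleton(domain: str) -> str:
    """Reduce a domain to a form in which visually similar spellings collide."""
    d = domain.lower().translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_from(header: str) -> str:
    """Label a From header value by the kind of spoofing risk it shows."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain in OWNED_DOMAINS:
        # An exact match proves nothing by itself: only email authentication
        # results can tell a legitimate sender from a spoofed one.
        return "owned-domain"
    for owned in OWNED_DOMAINS:
        if skeleton(domain) == skeleton(owned) or edit_distance(domain, owned) <= 1:
            return "lookalike-domain"
    if " ".join(name.lower().split()) in PROTECTED_NAMES:
        return "display-name-spoof"
    return "external"

if __name__ == "__main__":
    # Constructed sample headers.
    for h in ['"Jane Doe" <jane.doe@examp1e.com>', '"Jane Doe" <jd@freemail.test>']:
        print(h, "->", classify_from(h))
```

A message labelled `owned-domain` still has to pass email authentication before it is trusted; the header check only surfaces the lookalike and display-name cases.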
Want to learn more about what email threats face your organization and how to build a strategy to combat them? Download our latest people-centric cybersecurity guide to find out.