Reducing the risk of email attacks

Malicious emails are a major security risk for many organizations. Email remains an important communication method for most organizations even though personal communication is migrating more to text, Facebook Messenger, LinkedIn Message, WhatsApp and various Asian apps.
However, malicious emails at organizations continue to lead to data breaches and ransomware attacks that can be:

  1. Disruptive to business operations.
  2. Expensive to recover from.
  3. Embarrassing to the reputation of the organization.

Reduce email attacks

Organizations can significantly reduce the risk and serious damage of successful email attacks by:

  1. Training their employees to recognize suspicious emails and not respond.
  2. Implementing Advanced Endpoint Protection (AEP) on their internal network. AEP typically includes antivirus, firewall and proactive network traffic monitoring.
  3. Implementing spam filtering on their email servers to complement what their ISP is already doing.
  4. Turning on the spam filter on every workstation.
  5. Implementing two-factor authentication.
  6. Implementing challenge questions that only the actual employee can answer.
  7. Keeping their operating systems and browser software up to date on all internal network devices.

This blog describes the major types of malicious email attacks.

Phishing attacks

Fake Email

Phishing attacks consist of fake emails sent to unsuspecting employees. Each email contains a link to a website controlled by the attacker. The goal of phishing emails is to acquire the login credentials of your employees as a prelude to impersonating the employee or stealing their identity. See the example email at left.

When an unsuspecting employee clicks on the link, a web page appears. An example fake web page that impersonates TD Bank is shown below.

You can tell it’s fake because, in the address line, TD Bank is not part of the domain name and because the web page does not use https for encryption as all banks and most other websites do.
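The two checks described above (the organization's name must be the domain name, and the page must use https) can be automated for links extracted from email. The following is an added example, not part of the original article; the trusted domain `examplebank.example`, the brand word and the sample URLs are constructed placeholders. It also covers two related cases the article does not mention: text placed before `@` and a raw IP address as the host. Note that the third sample uses https and is still flagged, because https alone does not show who owns the site.

```python
from urllib.parse import urlsplit
import ipaddress

TRUSTED_DOMAINS = ["examplebank.example"]   # assumption: the organization's real domain
BRAND_WORDS = ["examplebank"]               # assumption: name an attacker would imitate

def check_link(url, trusted_domains=TRUSTED_DOMAINS, brand_words=BRAND_WORDS):
    """Return a list of warnings for a link found in an email (empty = no warning)."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")

    # Sign 1 from the article: the page is not served over https.
    if parts.scheme.lower() != "https":
        warnings.append("not https")

    # Sign 2 from the article: the organization's name is not the domain name.
    # The host must equal a trusted domain or be a subdomain of one.
    trusted = any(host == d or host.endswith("." + d) for d in trusted_domains)
    if not trusted:
        warnings.append("host is not a trusted domain")
        # The brand word elsewhere in the URL does not make the site genuine.
        rest = (host + parts.path + "?" + parts.query).lower()
        if any(word in rest for word in brand_words):
            warnings.append("brand name used outside the trusted domain")

    # Text before '@' is user info, not the site; the real host follows it.
    if parts.username is not None:
        warnings.append("user info before @ hides the real host")

    # A raw IP address in place of a name is unusual for a login page.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is an IP address")
    except ValueError:
        pass
    return warnings

# Constructed sample links (reserved .example/.test names and a documentation IP).
SAMPLES = [
    "https://www.examplebank.example/login",
    "http://examplebank.example.secure-login.test/signin",
    "https://secure-login.test/examplebank/",
    "https://examplebank.example@203.0.113.7/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no warnings")
```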

The unsuspecting employee then enters their credentials to log in. However, no actual login will occur. The attacker captures the credential information and displays a confusing dialogue box about the server being down.

Login credentials have become more powerful in their capability. As the use of single login services for multiple applications, and of cloud-based tools and applications such as Microsoft Office 365, G Suite, Zoho and ERP systems, increases, the potential disruptive impact of someone impersonating an employee has grown enormously.

Other examples of phishing attack emails include requests:

  1. For payment of a supposed outstanding invoice.
  2. To reset your password or verify your account.
  3. For verification of purchases you never made.
  4. To confirm billing information.

The attacker then uses the stolen login credentials to:

  1. Steal company data for resale.
  2. Initiate payment of fake invoices while impersonating the employee.
  3. Mount a ransomware attack.
  4. Clean out personal bank accounts using the identity of the employee.
  5. Create horrific posts on social media that undermine the reputation of the organization and the employee.

Malware attacks

Malware attacks consist of fake emails sent to unsuspecting employees. The goal of every malware email is to lure the employee into double-clicking on an attachment icon. Masquerading as a document, the attachment is in fact a malware program, which, if executed, can then propagate itself to many workstations and servers on the network.
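A mail filter can flag attachments that present themselves as documents but are programs. The following is an added example, not part of the original article; it goes beyond the text by checking two specific forms of masquerading (a document name ending in an executable extension, and Windows program content under a document name). The extension lists, addresses and sample message are constructed and illustrative, not exhaustive.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Illustrative lists (assumptions): extensions Windows runs vs. ordinary documents.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def risky_attachments(raw_message: bytes):
    """Return [(filename, [reasons])] for attachments that look like disguised programs."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        stem, ext = os.path.splitext(name.lower())
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if ext in EXECUTABLE_EXT:
            reasons.append("executable extension")
            # e.g. "invoice.pdf.exe": the visible name suggests a document.
            if os.path.splitext(stem)[1] in DOCUMENT_EXT:
                reasons.append("document name hides executable extension")
        # Windows programs start with the bytes "MZ" whatever the file is called.
        if payload[:2] == b"MZ" and ext not in EXECUTABLE_EXT:
            reasons.append("program content under a non-program name")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed test message with harmless placeholder attachment bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@sender.example"
    msg["To"] = "employee@company.example"
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please see the attached invoice.")
    for data, subtype, name in [
        (b"%PDF-1.4 constructed", "pdf", "statement.pdf"),
        (b"MZ constructed stub", "octet-stream", "invoice.pdf.exe"),
        (b"MZ constructed stub", "pdf", "report.pdf"),
    ]:
        msg.add_attachment(data, maintype="application", subtype=subtype, filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, why in risky_attachments(build_sample()):
        print(filename, "->", "; ".join(why))
```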

The malware program communicates its successful infiltration to the control server of the attacker. The attacker will then use the malware program to initiate one of the following actions:

  1. A data breach of sensitive corporate data and personal information of customers and employees for resale.
  2. A ransomware attack by encrypting the files on the infiltrated network.

An example dialogue box that requests a ransomware payment and indicates the workstation has been encrypted is shown below.

WannaCry ransomware request

For more information about phishing, please read this article: Why your phishing defence strategy needs to involve humans, not just tech

What strategies would you recommend to reduce the risk of serious impacts of malicious emails? Let us know in the comments below.

Yogi Schulz
Yogi Schulz has over 40 years of Information Technology experience in various industries. Yogi works extensively in the petroleum industry to select and implement financial, production revenue accounting, land & contracts, and geotechnical systems. He manages projects that arise from changes in business requirements, from the need to leverage technology opportunities and from mergers. His specialties include IT strategy, web strategy, and systems project management.
