Site icon IT World Canada

Reducing the risk of email attacks

Shutterstock

Malicious emails are a major security risk for many organizations. Email remains an important communication method for most organizations even though personal communication is migrating more to text, Facebook Messenger, LinkedIn Message, WhatsApp and various Asian apps.
However, malicious emails at organizations continue to lead to data breaches and ransomware attacks that can be:

  1. Disruptive to business operations.
  2. Expensive to recover from.
  3. Embarrassing to the reputation of the organization.

Reduce email attacks

Organizations can significantly reduce the risk and serious damage of successful email attacks by:

  1. Training their employees to recognize suspicious emails and not respond.
  2. Implementing Advanced Endpoint Protection (AEP) on their internal network. AEP typically includes antivirus, firewall and proactive network traffic monitoring.
  3. Implementing spam filtering on their email servers to complement what their ISP is already doing.
  4. Turning on the spam filter on every workstation.
  5. Implementing two-factor authentication.
  6. Implementing challenge questions that only the actual employee can answer.
  7. Keeping their operating systems and browser software up to date on all internal network devices.

This blog describes the major types of malicious email attacks.

Phishing attacks

Fake Email

Phishing attacks consist of fake emails sent to unsuspecting employees. Each email contains a link to a website controlled by the attacker. The goal of phishing emails is to acquire the login credentials of your employees as a prelude to impersonating the employee or stealing their identity. See the example email at left.

When an unsuspecting employee clicks on the link, a web page appears. An example fake web page, that impersonates the TD Bank, is shown below.

You can tell it’s fake because, in the address line, TD Bank is not part of the domain name and because the web page does not use https for encryption as all banks and most other websites do.

The unsuspecting employee then enters their credentials to log in. However, no actual login will occur. The attacker captures the credential information and displays a confusing dialogue box about the server being down.

Login credentials have become more powerful in their capability. As the use of single login services to multiple applications and cloud-based tools and applications such as Microsoft Office 365, G Suite, Zoho, and ERP system increases, the potential disruptive impact of someone impersonating an employee has grown enormously.

Other examples of phishing attack emails include requests:

  1. For payment of a supposed outstanding invoice.
  2. To reset your password or verify your account.
  3. For verification of purchases you never made.
  4. To confirm billing information.

The attacker then uses the stolen login credentials to:

  1. Steal company data for resale.
  2. Initiate payment of fake invoices while impersonating the employee.
  3. Mount a ransomware attack.
  4. Clean out personal bank accounts using identity of the employee.
  5. Create horrific posts on social media that undermine the reputation of the organization and the employee.

Malware attacks

Malware attacks consist of fake emails sent to unsuspecting employees. The goal of every malware email is to lure the employee into double-clicking on an attachment icon. Masquerading as a document, the attachment is in fact a malware program, which if executed, can then propagate itself to many workstations and servers on the network.

The malware program communicates its successful infiltration to the control server of the attacker. The attacker will then use the malware program to initiate one of the following actions:

  1. A data breach of sensitive corporate data and personal information of customers and employees for resale.
  2. A ransomware attack by encrypting the files on the infiltrated network.

An example dialogue box that requests a ransomware payment and indicates the workstation has been encrypted is shown below.

WannaCry ransomware request

For more information about phishing, please read this article: Why your phishing defence strategy needs to involve humans, not just tech

What strategies would you recommend to reduce the risk of serious impacts of malicious emails? Let us know in the comments below.

Exit mobile version