Corporate email continues to rule in the world of business. Today, the average office worker receives 120 emails every day. While many of these emails pertain to business as usual, not every email is quite what it seems. Now more than ever, organizations are on the receiving end of advanced email attacks that aim to steal money, pilfer data or compromise systems.
An email attack occurs when email is used in an attempt to cause damage or harm to either an individual or an organization. Although the mechanisms of email-based attacks vary, the objective is almost always the same: steal money or data.
Email attacks can take many forms but are typically deployed by cybercriminals in order to steal money or data. In order to keep organizations secure, it is important that employees are able to recognize the most common types of email attacks and understand the potential impact that they could have.
Cybercriminals can leverage email in multiple ways to attack people and systems. There are a variety of tactics that range from being very broad to very targeted:
There are a variety of outcomes that can occur from the above email attacks. Here they are:
Phishing and BEC attacks are difficult to detect because cybercriminals use social engineering techniques to build trust. The attacker manipulates the target by posing as a trusted individual or organization and will oftentimes engage in a conversation over several emails before asking the target to divulge credentials or confidential data, or to wire money to an account the attacker owns. Social engineering is what contributes to the success of these attacks, because attackers use convincing language to get people to act instinctively, not rationally. For example, cybercriminals were able to access payroll information of 700 current and former employees at social media behemoth Snapchat by posing as CEO Evan Spiegel in an email and tricking a junior employee into sending them the confidential data.
Email impersonation can take on a variety of forms, such as display name impersonation where the attacker sets a deceptive display name on their email account, or spoofing where an attacker forges an email to make it appear as if it’s been sent from another email address.
Email authentication protocols such as DMARC, DKIM and SPF have been introduced over the years in an attempt to stop spoofing. The problem with these three protocols, though, is that many organizations have yet to adopt them and their weaknesses can be exploited. For example, 80% of Fortune 500 companies do not have DMARC policies set up. In addition, email authentication only prevents an employee's own domain from being spoofed; it does not prevent that employee from receiving emails that have been spoofed. Finally, it's easy for attackers to figure out which counterparties don't have email authentication set up, as DMARC records are publicly available.
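Because DMARC records are public, a security team can audit its own domains and those of its counterparties in the same way. The following is an added example, not code from the original article: it classifies a domain's DMARC posture from the TXT strings published at _dmarc.<domain>. The posture labels, function names and sample records are assumptions made for illustration, and the records are constructed rather than real lookups.

```python
# Added example: classify a domain's DMARC posture from its TXT record strings.
# Posture labels are this example's own; all records below are constructed.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = {}
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or (not tags and (name, value) != ("v", "DMARC1")):
            return None  # malformed tag, or the version tag is not first
        tags.setdefault(name, value)
    return tags or None

def dmarc_posture(txt_records):
    """Return 'missing', 'invalid', 'monitor-only', 'partial' or 'enforced'."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not parsed:
        return "missing"
    if len(parsed) > 1:
        return "invalid"  # several DMARC records: receivers apply none of them
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    pct = tags.get("pct", "100")
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if not pct.isdecimal() or int(pct) > 100:
        return "invalid"
    if policy == "none":
        return "monitor-only"  # receivers are asked to take no action on failures
    return "enforced" if int(pct) == 100 else "partial"

SAMPLE_TXT = {  # constructed records keyed by hypothetical domains
    "enforced.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example"],
    "monitor.example": ["v=DMARC1; p=none;"],
    "rollout.example": ["v=DMARC1; p=quarantine; pct=25"],
    "nodmarc.example": ["v=spf1 -all"],
    "broken.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def audit(records):
    """Map each domain to its posture."""
    return {domain: dmarc_posture(txts) for domain, txts in records.items()}

if __name__ == "__main__":
    for domain, posture in audit(SAMPLE_TXT).items():
        print(f"{domain:20} {posture}")
```

Mail from domains that come back as missing, invalid or monitor-only cannot be trusted on authentication results alone, so those senders are the ones to cover with additional inbound checks.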
Email attacks continue to cause sleepless nights for IT administrators everywhere. Although many organizations have implemented employee training programs as part of their security strategy, these programs often are not designed to account for human error. Human error is the main cause of the majority of data breaches, and it can easily occur because employees become distracted or tired, which leads to mistakes being made over email. The assumption that employees can become an effective line of defense after undertaking just a few hours of security training is unrealistic. Security teams need to implement the right technology to support employees without getting in the way of their day-to-day business.
Defending against targeted email-borne threats requires superior email security. Legacy tools have not been able to keep pace with evolving email attacks. Rule-based systems may be able to block simple impersonations, but struggle to detect more complex ones, and complex impersonation attacks cause more damage for organizations. It is time for organizations to adopt a more intelligent approach to inbound threats – one that understands historical email relationships and communication patterns, and can therefore automatically detect anomalies and threats.
Tessian’s stateful machine learning engine learns the difference between normal and abnormal email communications. In real time, Tessian automatically prevents the most advanced forms of spear phishing, accidental data loss and data exfiltration. This ensures that organizations can stay ahead of attackers and protect the data that they hold most dear.