Emails are a critical communication tool for many organizations. Every day, employees may receive or send dozens of emails to get project status updates, request important resources, or simply keep in touch with coworkers who are out of the office. In fact, according to research cited by Computer Weekly, “the number of emails sent and received each day will surpass 293 billion by the end of 2019.”
Considering that the global population is about 7.7 billion people (according to the World Population Clock as of November of 2019), that’s about 38 emails per person in the world.
While emails are an incredibly convenient communication tool, there are numerous email security threats that businesses have to contend with. What are these email security threats? How can you identify and overcome them? Here is a brief explanation of email threats and a short list of email security tips that can help IT managers overcome them.
Why Do Companies Use Email Security Solutions?
Your email is one of the most vulnerable parts of your organization. New email scams and attack methods come out daily as cybercriminals seek new ways to compromise business email accounts and commit fraud.
One of the most common security concerns related to your email system is phishing attacks. In these attacks, cybercriminals attempt to trick one of your employees into doing something—typically:
- Surrendering User Account Credentials. Many phishing attacks seek to trick victims into giving up sensitive account details, such as usernames and passwords—mainly by asking them to “reset” or “validate” their credentials, either in the very same email or by redirecting them to a website that may look like the official Microsoft site but is a fake made to capture the user’s credentials once entered. If successful, these email scams allow the phisher to commit further acts of fraud using the stolen account credentials.
- Clicking on Malicious Software/Site Links. Another key goal for many phishing attacks is to trick the target into clicking on a link that will download malware to their device or send the victim to a malware-laden site. These attacks can have a wide variety of effects depending on the type of malware that gets downloaded.
- Approving Fraudulent Invoices. Some email scams try to trick people in an organization into approving a fake invoice so the scammer can make an immediate profit. Once paid, it can be very difficult to reclaim the stolen money. However, this is often secondary to the delivery of other malware. For example, most ransomware arrives as an Office document (Word, Excel, PowerPoint) or any other file format that allows macros. Once the victim is tricked into downloading and opening the fake invoice, several scripts can run on the machine without being noticed: they can download additional malware with a simple PowerShell command, open a backdoor for the adversary, or carry out any other malicious activity.
The impact of email scams can vary depending on the type of attack, the size of your organization, and how prepared you are for dealing with phishing attacks in general. For example, say that an attacker manages to phish the user account details of an executive in charge of managing the company’s balance sheets or purchase orders. Using the access this would provide, the attacker could easily drain a significant portion of the company’s liquid assets with fake purchase orders or simply siphon them into an overseas bank account. Depending on what precautions have been taken to prevent large fund transfers, this could result in massive losses or very small losses.
How to Spot an Email Security Threat
One of the first steps in preventing email attacks is being able to recognize such attacks in the first place. Knowing how to spot email security threats helps you avoid them—or at least identify them quickly so security measures can be taken immediately.
To recognize email security threats, it’s important to know how they work. There are three primary categories of email attacks:
- Malware Delivery. The delivery of malware to your computer via email attachments or download links.
- Phishing Attacks. The use of trickery to deceive a target into taking an action that compromises email or business account security (this may or may not involve malware).
- Domain Spoofing. The use of a spoofed email domain to trick victims into believing that an email scam or attack is coming from a legitimate source.
Note that these attack categories are not mutually exclusive. For example, phishing attacks are often used to deliver malware and may use domain spoofing to trick recipients into thinking the email is being sent by a legitimate vendor or supervisor.
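One way to check a message for the domain-spoofing signs described above, as an added example that is not part of the original article. It goes beyond the text by reading the `Authentication-Results`, `Return-Path` and `Reply-To` headers; the sample message, the gateway name `mx.example.org` and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain and address here is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.examp1e.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.examp1e.com; dmarc=fail header.from=example.com
From: "Accounts Payable" <ap@example.com>
Reply-To: ap@examp1e.com
Subject: Invoice 1042 overdue

Please see the attached invoice.
"""

def domain_of(value):
    """Lower-cased domain of an address header value ('' if the header is absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def org_domain(domain):
    # Simplification: keep the last two labels. Real code should use the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def dmarc_result(msg, trusted_authserv):
    """DMARC verdict stamped by our own gateway; headers from other hosts are ignored."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        match = re.search(r"\bdmarc=(\w+)", results)
        if authserv.strip().lower() == trusted_authserv and match:
            return match.group(1).lower()
    return "missing"

def spoofing_signals(raw, trusted_authserv="mx.example.org"):
    """Return reasons the visible From domain should not be taken at face value."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    signals = []
    verdict = dmarc_result(msg, trusted_authserv)
    if verdict != "pass":
        signals.append(f"dmarc={verdict} for From domain {from_dom}")
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and org_domain(other) != org_domain(from_dom):
            signals.append(f"{name} domain {other} differs from From domain {from_dom}")
    return signals

if __name__ == "__main__":
    for reason in spoofing_signals(SAMPLE):
        print(reason)
```

A mismatched `Return-Path` also occurs with legitimate bulk-mail providers, so treat each entry as a signal to weigh rather than a verdict.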
When trying to spot email security threats, there are a few things that you can do to detect them early—hopefully before a breach occurs:
- Using Basic Email Antivirus/Antimalware Programs. Using an antivirus or antimalware program to inspect incoming emails is a very basic precaution—one that every company should use. While this might not catch every threat, this email security solution does help to minimize risk and catch the majority of malware delivery attempts. In particular, having an email attachment or download file checker that scans files before they’re downloaded and executed can help stop malware delivery attempts in their tracks.
- Applying Behavior Monitoring Solutions to Your Network. Behavior monitoring tools track the activity of users and devices on your network and watch for abnormal activity. This can be a great way to spot a security breach caused by email scams and attacks quickly. Since attackers don’t necessarily know what’s normal, or are focused on causing harm/stealing information, their unusual behavior will trigger an alert from your email security software.
- Using Threat Intelligence Feeds to Identify Popular Email Scams. Threat intelligence feeds can provide valuable insights into your biggest security risks. Keeping an eye on these feeds helps you recognize frequently-used and new email scams alike so you can avoid them.
- Using Link Preview Solutions. Many email attacks use malicious URLs that lead unsuspecting targets to fake online storefronts or to malware-laden file downloads. Shortened URLs can disguise these links so they don’t appear malicious (reading as bit.ly/123456 instead of hahasuckerransomware.com, for example). Link preview solutions, such as wheregoes.com or urlscan.io, show you where these shortened links lead so you can identify malicious links before you click on them.
These are just a few ways to detect email security threats early. However, there’s more to do to protect your business from email security threats.
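The link-preview idea from the list above, as an added example that is not part of the original article and not how wheregoes.com or urlscan.io are implemented. It walks a redirect chain one HEAD request at a time without downloading any page body; the redirect table is constructed so the demo runs offline, and all function names are assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # never follow automatically; the 3xx surfaces as HTTPError

def http_head(url, timeout=5):
    """One HEAD request, no body download: returns (status, Location header or None)."""
    opener = urllib.request.build_opener(NoRedirect)
    request = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(request, timeout=timeout) as response:
            return response.status, None
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def expand(url, fetch=http_head, max_hops=10):
    """Follow a redirect chain hop by hop and return every URL visited, in order."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain
        target = urljoin(chain[-1], location)  # Location may be relative
        if urlsplit(target).scheme not in ("http", "https"):
            raise ValueError(f"redirect to non-HTTP scheme: {target}")
        if target in chain:
            raise ValueError(f"redirect loop at {target}")
        chain.append(target)
    raise ValueError(f"gave up after {max_hops} redirects")

def final_host(chain):
    return urlsplit(chain[-1]).hostname

# Constructed redirect table standing in for the network (reuses the article's sample names).
FAKE_WEB = {
    "https://bit.ly/123456": (301, "http://tracker.example.net/r?id=9"),
    "http://tracker.example.net/r?id=9": (302, "https://hahasuckerransomware.com/"),
    "https://hahasuckerransomware.com/": (200, None),
}

def fake_fetch(url):
    return FAKE_WEB.get(url, (404, None))

if __name__ == "__main__":
    hops = expand("https://bit.ly/123456", fetch=fake_fetch)
    print(" -> ".join(hops), "| final host:", final_host(hops))
```

HEAD requests only reveal HTTP-level redirects; a page that redirects through JavaScript or a meta refresh needs a service that renders it in a sandbox.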
Email Security Tips to Overcome Major Threats
What can you do if an email security threat has caused a breach at your company? Here’s a quick list of email security tips to follow:
- Try to Cancel Any Fraudulent Payments ASAP. If the email scam involved a money transfer or check, try to cancel it as quickly as possible. Many banks might hold onto large transactions for verification, or may be able to reverse a transfer if you act quickly enough—though there may be banking fees involved. It can also help to set up a transfer verification system ahead of time to prevent fake invoices from getting paid in the first place. For example, having the person in charge of paying invoices contact someone from a list of approved vendors prior to accepting an invoice to verify its legitimacy can help avoid fraudulent payments.
- Lock Down Compromised Email Accounts. Many email scams try to take over the target’s email or user account to try to spread further. One way to limit the impact of these kinds of email attacks is to immediately lock down the affected account so it can’t send any more emails. Doing the same for any compromised user accounts can also help to limit the damage.
- Send Out a Mass Notification about the Compromise. Warn your employees about the email attack so they know to avoid it. Including details, such as which email accounts have been compromised, can help put employees on their guard against phishing emails from those hijacked accounts. This, in turn, helps to protect other email accounts in the organization—limiting the potential damage. Using other internal communication channels, such as the company Facebook or Slack channel, can help with getting this notice out.
- Have a Disaster Recovery Plan in Place. Business continuity and disaster recovery (BC/DR) plans use remote data backups and other tools to ensure that the business can carry on normal operations after a data loss incident. Having these proactive measures in place before a breach makes it easier to recover from email attacks that leverage ransomware and other malicious programs that cause a loss of data.
- Set Strong Password Requirements. Some email attacks succeed because cybercriminals are able to guess an employee’s email password when it is too simple or common. Enforcing strong password requirements, such as eight or more characters, a mix of upper- and lowercase letters, special characters ($&%^@#*), and no simple words or names of family members, helps to create stronger passwords. It’s also important to educate employees not to share their passwords with others, and to change their passwords periodically.
- Leverage Two-Factor Authentication (Or More). Two-factor authentication (2FA) uses a secondary form of identity verification in addition to a password. These authentication schemes can make it much more difficult for an attacker to use stolen account credentials, since simply having the right password doesn’t give them the target’s thumbprint, mobile authenticator, or other secondary ID verification. When used, 2FA can help to prevent email accounts from being compromised. When more than two factors are used to verify identity, this is known as multi-factor authentication, or MFA.
- Provide Anti-Phishing Email Training. Many companies try to train their employees to recognize phishing emails so they can avoid falling for them. While this method isn’t foolproof (especially against really good spear-phishing campaigns that look just like legitimate communications), it can help to vastly reduce the rate of successful phishing attacks and improve employees’ speed of response when they do realize that a phishing attack has occurred.
- Conduct Imitation Phishing Campaigns. Another strategy that some companies use to counter phishing attacks and raise awareness amongst employees is to launch faux phishing campaigns of their own. When an employee falls for the fake phish, they are sent a message notifying them of the security failure and given advice on how to recognize fake communications in the future. Of course, it’s very important that these campaigns are structured in a way that avoids asking for protected personal information (as employees who fall for the fake phish might actually give it to you), using copyrighted logos/images, or other things that could cause legal issues. It may help to consult with your corporate attorney or with an attorney specializing in IT-related legal issues when constructing your fake phishing campaign to see what is or isn’t allowed.
These are just a few email security tips that IT managers can use to prevent or minimize the impact of email security threats. If you want to learn more about security threats and how to counter them, please subscribe to the Knogin blog!