Did you know that email is one of the top ways that criminals use to exploit businesses? You can’t take this topic lightly in your business. When it comes to email-borne threats there are ways to reduce the likelihood and prevent most issues rather than spending time (and money!) cleaning up after an attack.
Here are the top threats coming into your inbox that you need to be aware of:
*Macro virus: this is a virus that is written in macro language that is used by other software programs. Most often seen in Microsoft Word and Excel macros. This virus is spread through phishing emails containing attachments with malicious content which will them compromise the macros.
*Spambot programs: this is a virus that has been designed by cybercriminals for harvesting email addresses in order to build email lists for sending spam. This a way that the cybercriminals can collect email addresses and then use them to send email viruses.
*Email spam: a term that you may have heard before and it’s just that. These are unwanted emails that can spread malware via links or attachments that lead to malicious websites where the cybercriminal can steal your information.
*Virus hoax email messages: another term that is common. This is when emails contain a false warning about a threat that does not exist to trick the individual into clicking on the email or responding to which contains a virus. A lot of times the cybercriminals threaten the person to take some type of action which can also include forwarding the warning to others which can be a widespread virus.
Still the #1 cause of data breaches! This type of email threat is a way that cybercriminals trick victims into logging in or sharing sensitive information. Then once they have the information, they use it, or they sell it for others to use it for a monetary gain. Phishing emails can be tricky to decipher as the cybercriminals make them look almost identical to a real company’s email. For more information on phishing emails, we have a section of our services you can view here.
Business Email Compromise
This type of email attack is one that has become popular these days which is where cybercriminals are attacking employees directly. What happens is cybercriminals will create email accounts that look almost identical to the actual company and send emails to impersonate the CEO or other executives to trick accounting or human resources to transfer funds or send out confidential information. We have a blog dedicated to just this type of email scam, “Newest Fraud Attacking CEOs: All You Need to Know About CEO Fraud“.
Cyber BEC (business email compromise) scams are not going anywhere either unfortunately either. A statistic that was alarming that I found stated that between October 2013 and May 2019, more than $12 billion in domestic and international losses were attributed by the FBI to business email compromise scams (Symantec 2019).
Like using social media, leveraging an executive’s personal email account is commonly used as a way to gather information or to use as a more convincing business email compromise threat.
As you can see there are many types of email threats that can affect your business so you may be wondering what are the solutions? In order to properly inform you of all the email risks and security practices, I have to include some solutions to prevent these types of cyberattacks.
Top 3 Email Solutions are:
This is one of the main ways of applying a filtering system to your emails. There are many sets of protocols that are put in place to determine which of the incoming emails are spam and which are not. Some of the filters include content filters, header filters, rules-based filters, and permission filters.
Spam filtering is very helpful and can prevent many spam emails that have infected email attachments that can have viruses to reach your inbox. This type of filtering is an extra layer of protection for your inbox essentially.
User and Awareness Training/Testing
A big part of threats from email and other cyber attacks usually has something tricking employees on clicking on (Infosec 2020). This is why user and awareness training/testing is necessary for all businesses. These types of attacks can cost so much to the business and can be reduced by proper training.
Certain training is necessary so that employees are familiar with what phishing emails look like and other things to look for in case of a potential threat. Training can be in forms of test emails (where they do not know that it’s a test), live training, training videos, and procedures.
A new type of email security that is gaining traction these days is crowdsourced anti-phishing. Basically, businesses share threat information among themselves and are usually able to uncover advanced threats. If employees are trained properly they can also spot and report anything that looks suspicious. You can read more about our solution here.
I hope this blog covering all about email viruses and security practices for your business has opened your eyes to the importance of email security. It’s not fading away and is crucial for any business during these times. Can you imagine not having to worry about an email scam hitting your office again? Wouldn’t that be nice? Well, we know how to help you get to that point. Here at Triada Networks Team, we can give you an in-depth look at what we can offer your business for email security and address any questions you may have. Sign up for your free consultation today by contacting us online or calling 201-297-7778.
Infosec Resources. (2020). Security Awareness and Malware. [online] Available at: https://resources.infosecinstitute.com/category/enterprise/securityawareness/employee-security-threats/security-awareness-and-malware/#gref [Accessed 4 Jan. 2020].