9 threats to email security that you need to know

16 Mar

Businesses are under the constant threat of a cyber-attack from various types of email threats because cybercriminals are constantly evolving their tactics.

In this month’s blog we explain the most common email security threats, how they can affect your business and what you can do to ensure your email protection is working for you. Finally, you can use the handy email scanner tool to establish current threats to your mailbox.

“98% of organisations with Office 365 harbour malicious emails inside their mailboxes.”
(Organisations with 100+ mailboxes)
- Barracuda MSP

A person is using a laptop to send an email. — The Top 9
Threats To
Your Mailbox

There are many ways cybercriminals may try and infiltrate your business via email attacks with their techniques becoming increasingly sophisticated. Here we look at the top 9 email threat types so you can better understand the risks to your business.

“Through 2023, BEC attacks will continue to double each year to over $5 billion and lead to large financial losses for enterprises.”
- Gartner, March 2020

Spam

53%

Spam accounts for 53% of all email traffic.

Spam is the term for unsolicited bulk email messages. Spamming is a numbers game with spammers sending emails to millions of addresses hoping at least a few will succeed. Spam emails are used to harvest email addresses from victims’ address books, as well as to initiate further fraud through phishing, scams and malware.

Malware

94%

94% of malware is distributed through email.

Malware is malicious software and includes viruses, Trojans, spyware, worms and ransomware. Cybercriminals send out emails containing malware in attachments or with links to malicious websites where users are tricked into downloading the malware.

Phishing

36%

Around 36% of data breaches involve phishing.

URL Phishing is where malicious websites are set up to imitate legitimate sites with the aim of gathering sensitive information. Cybercriminals will use email phishing attacks to try and direct their victims to these sites.

Scamming

39%

Scamming accounts for 39% of all spear-phishing attacks.

Scamming emails use various tactics to attempt to defraud victims or persuade them to reveal sensitive and personal information. A type of spam, cybercriminals will send a scam email to millions of addresses with the hope that a small percentage are successful.

Spear-phishing

43%

43% of organisations said they had been victims of a spear-phishing attack.

Spear-phishing is a personalised form of phishing attack whereby cybercriminals research their targets before engineering an attack. They will then craft an email to impersonate a trusted colleague or organisation with the aim of stealing sensitive information that can be used to commit fraud and identity theft.

Impersonation

39%

Service impersonation is used in 39% of all spear-phishing attacks.

Domain and Brand Impersonation involves mimicking a trusted brand’s identity to trick victims into revealing sensitive information. Cybercriminals use domains similar to the legitimate domain in the hope that victims will not notice the subtle difference in spelling and assume they are genuine. Similarly, cybercriminals will use branding and styling in emails that gives the appearance of genuine emails.

Business Email Compromise

-$1.7b

BEC attacks caused over $1.7 billion in losses in 2019.

Business Email Compromise occurs when scammers impersonate an employee in an organisation and attempt to trick other employees or customers into transferring money or sensitive information. Another popular technique is to convince HR/payroll to change bank account details to steal an employee’s salary.

Conversation Hijacking

-$400k

Shark Tank’s Barbara Corcoran lost nearly $400,000 from a conversation hijacking attack.

Conversation Hijacking involves cybercriminals inserting themselves into, or initiating, business conversations with the aim of gaining sensitive information or stealing money. Attackers will monitor compromised emails to learn how the business operates before making their move.

Lateral Phishing

1 in 7

1 in 7 organisations has been the victim of a lateral phishing attack.

Lateral Phishing is where attackers send phishing emails from already compromised accounts to try and infiltrate more accounts. These are more effective than general phishing attacks as the emails come from legitimate email accounts that the victims are more likely to trust.

Two women sitting on a red couch trying on shoes in a shoe store. — Since Pinnaca set us up with
Barracuda Total Email Protection...

Mailboxes are now SPAM free, saving time.
No more sorting through non-urgent or unwanted emails.
Productivity has improved.
We can view and sort quarantined emails in our own time!
Our enhanced email security saved us nearly 50% on our Cyber Security Insurance.
- Pinnaca Client Testimonial, High Street Fashion Retailer.

BOOK A CALL BACK

How Cyber Attacks Can Affect Your Business

A colourful illustration of two people working on laptops with a padlock on the screen. — As well as the obvious financial impact of cyber fraud, there are other ways your business can lose money as a result of email attacks. From downtime due to account takeovers to recovery costs following ransomware attacks or simply loss of staff productivity through dealing with the sheer volume of spam received, a failure to implement an effective email defence strategy can be extremely costly.
Furthermore, attacks resulting in data loss or a data protection breach, according to a recent IBM report, costs an average total cost to businesses of $3.92 million.

There is also the reputational damage to your business to consider if your account is used to distribute malicious emails to customers in your address book, especially if this leads to additional attacks in their organisations.

The Solution is Total Email Protection from Barracuda

Pinnaca is partnered with Barracuda to offer multiple security products including Total Email Protection, a premium email security service that uses a multi-layer approach to defend your business from online threats. This strategy includes gateway defence, data protection, business continuity, AI-based inbox defence, and automated threat detection and incident response.

As well as protecting your systems from email threats, with Barracuda we can offer powerful web filtering solutions and security awareness training services to teach your employees how to better spot and deal with attacks.

Barracuda’s comprehensive protection package defends against even the most sophisticated email-borne threats combining a range of Barracuda security products:

Barracuda Essentials

Provides continuous cloud-based protection from email attacks, filtering and sanitising all emails before being delivered. Along with cloud-to-cloud backup, recovery and compliant archiving for Office 365 and exchange, Barracuda’s Advanced Threat Protection offers the ultimate in email security.

Barracuda Sentinel

Working alongside Barracuda Essentials, Sentinel uses an AI engine to learn your organisation's communications patterns meaning it can identify spear fishing and account takeover attacks in real-time to stop them getting through. Meanwhile, easy to set up DMARC ensures Sentinel’s domain fraud protection works to protect against domain spoofing and brand hijacking.

A woman sitting at a computer with the words forensics incident response. — Barracuda Forensics
+ Incident Response

Automate the process of identifying, investigating and responding to email attacks to stop them before they have a chance to spread. Among other features, Barracuda Forensics + Incident Response automatically uncovers phishing attacks, notifies affected users to change passwords and quarantines malicious emails. It also helps avert future attacks using Barracuda’s global intelligence network by quickly identifying previously identified threats and preventing them from entering your email environment..

Barracuda Managed PhishLine

An end-user security awareness training service and real-world phishing simulation to teach your employees how to spot, avoid, and report real-world attacks.

Barracuda Content Shield

A cloud managed web security solution offering robust content filtering to protect users, onsite or remote, from malicious sites, inappropriate content, and file-based threats.