Glossary of Email Threats
As 91% of all cyber-attacks start through email, we’ve put together a list of the most common email threats that businesses should be aware of:
- Spam: Unsolicited junk mail sent in bulk as a form of commercial advertising, often for dubious products and get-rich-quick schemes. Nowadays, this is generally well defended against.
- Phishing: An email which falsely claims to be from a legitimate enterprise to obtain sensitive information, such as usernames, passwords or financial information, often for malicious purposes. From a business perspective, phishing has largely been overtaken by more targeted spear-phishing.
- Spear-phishing: For businesses, spear-phishing represents the most pressing danger due to its highly targeted and sophisticated nature. Spear-phishing attacks target specific individuals within a target organisation, often referring to targets by their names and positions. Through clever social engineering tactics, recipients are convinced to download a malicious file attachment or click on a link to a malware-laden or credential-stealing website.
- Viruses: Code sent via an email attachment which, if activated, can destroy files on your computer and potentially resend the attachment to everyone in your address book. Fortunately, these are a diminishing threat for businesses thanks to anti-virus software and more commonly target home computers.
- Malware: Short for malicious software, it is the generic term for software designed to cause damage to your computer or steal as much information as possible. It includes viruses, spyware and ransomware.
- Ransomware: A type of malware that prevents or limits users from using their systems until a ransom is paid. More modern crypto-ransomware, such as Cryptolocker, encrypts files on infected systems and forces users to make an online ransom payment to get a decryption key.
- Whaling: Derived from a big “phish” analogy, and also referred to as impersonation attacks, these targeted attacks are particularly threatening and damaging. Cyber-criminals often rely on social media sites, such as LinkedIn, to gather information and disguise themselves as the CEO, CFO or another senior executive. They then target a lower-level member of the organisation, often a controller or someone in HR, and convince them to initiate a wire or data transfer. A key part of the scam is to make the target react to the perceived power of the impersonated executive.
With email threats becoming increasingly sophisticated and the cost of data breaches increasing, improving the security of your systems has never been more important. Read our IT Security Guide for SMEs for more information.