IT Support &
Business Software

Glossary of Email Threats


As 91% of all cyber-attacks start through email, we’ve put together a list of the most common email threats that businesses should be aware of:

  • Spam: Unsolicited junk mail that is sent to a mass distribution as a form of commercial advertising, often for dubious products and get-rich-quick schemes. Nowadays, this is generally well defended against.
  • Phishing: An email which falsely claims to be from a legitimate enterprise to obtain sensitive information, such as usernames, passwords or financial information, often for malicious purposes. From a business perspective, phishing has largely been overtaken by more targeted spear-phishing.
  • Spear-phishing: For businesses, spear-phishing represents the most pressing danger due to its highly targeted and sophisticated nature. Spear-phishing attacks target specific individuals within a target organisation, often referring targets by their names and positions. Through clever social engineering tactics, recipients are convinced to download a malicious file attachment or click on a link to malware-laden or credential stealing website.
  • Viruses: Code sent via an email attachment which if activated, can destroy files on your computer and potential resent the attachment to everyone in your address book. Fortunately, these are a diminishing threat for businesses thanks to anti-virus software and more commonly target home computers.
  • Malware: Short for malicious software, it is the generic terms which relates to software designed to cause damage to your computer or steal as much information as possible. It includes viruses, spyware and ransomware.
  • Ransomware: A type of malware that prevents or limits users from using their systems until a ransom is paid. More modern crypto-ransomware, such as Cryptolocker, encrypt files on infected systems and force users to make an online ransom payment to get a decryption key.
  • Whaling: Derived from a big “phish” analogy, and also referred to as impersonation attacks, these targeted attacks are particularly threatening and damaging. Cyber-criminals often rely on social media sites, such as LinkedIn, to gather information and disguise themselves as the CEO, CFO or other senior executive. They then target a lower-level member of the organisation, often a controller or someone in HR, and convince them to initiate a wire or data transfer. A key part of the scam is to make the target react to the perceived power of the impersonated executive.

With email threats becoming increasingly sophisticated and the cost of data breaches increasing, improving the security of your systems has never been more important. Read our IT Security Guide for SMEs for more information.


Josie Sullivan Leroy Reid & Co

Very helpful in supplying the system required with very little down time. Personable and professional in guiding us along the right path. Nothing is too much for them.

David Halloway Southern Testing

Support with a sense of fun!

Carmel Clarke Kingswood Controls

Professional and extremely helpful. PCR will go above and beyond to resolve any IT problems that you may have.

Max Somper Metamark

PCR are very much on the same page as ourselves. They're very flexible, pragmatic about response, efficient, and they've always been the best choice for us as a business.

Keith Faulkner Brainwaves Books

Over the years, I've seen PCR grow and develop, but their attitude and customer service has never altered. The quality of their service remains constant.

Alex Arscott Richard Russell Panels

A good honest company we've dealt with since the year dot.

Contact us now