SecurityFocal
Emails are a critical part of everyday life and play a significant role in our professional and personal life. However, since its inception, Emails have been a primary attack vector, and attackers have utilized them for ages to exploit organizations and individuals alike. In this post, we will be covering the types of email attacks and what you can do to stay protected.
As per FBI internet Crime Report 2020, Emails were the primary vector of attack, with Phishing alone accounting for 241,342 attacks which more than doubled compared to 2019.
Following are the primary types of Email attacks:
1. Spam Email attacks
Spam emails are unsolicited bulk email messages, which are also known as junk emails. Spammers send spam emails to millions of addresses, expecting that only some will respond to the message. Spammers can gather email addresses from different sources, including contact scraping, online directory listings, etc.
The objective of spam emails is to make a profit. Mass email sending is cheap and easy, and even if one person in a million responds, it’s still worth it for the spammer.
Some spam emails are scams, while Cybercriminals use others to conduct email fraud.
As per the latest statistics published by Cisco, more than 84% of all the global email traffic is Spam. The average Daily Spam Volume observed by Cisco was around 200.24 billion for May 2021, which was 127% higher than the last month (April 2021). Interestingly US was the origin of most spam messages (9.7 Billion Spams), followed by the UK (8.7 Billion), Germany (8.7 Billion), and Canada (8.6 Billion)
2. Malware Emails
Cybercriminals use email as the primary attack channel. They can use Email to deliver documents containing malware, aka malicious software. An attacker can hide the malware directly in the document or in an embedded script to download it from an external website.
This malware may include Trojans, Spyware, Ransomware, Adwares, Rootkits, Viruses, or Worm.
Trojan (aka Trojan Horse)
A trojan is a malicious software that disguises itself as legitimate software. Cybercriminals and hackers employ Trojans to open a backdoor and gain access to users’ systems.
Spyware
Spyware is malicious software that infiltrates into your computing device intending to track and sell your internet usage data, capture your bank account information, credit card details, or steal your identity.
Ransomware
Ransomware is a modern malware that restricts (encrypts) user access to the system resources like the personal files or the entire system and demands a ransom to give the access back.
The modus of these payments are typically cryptocurrency or credit cards. Sophisticated groups of Cybercriminals, including programmers and skilled negotiators, operate Ransomware.
CovidLock ransomware is an example of these attacks. Cybercriminals have widely exploited fear concerning the Coronavirus (COVID-19).
An email came to victims with the URL hxxp://coronavirusapp[.]site/mobile.html, which portrays itself as a download site for Android application to help track the coronavirus spread across the globe. This app was Android ransomware, which locked the victims out of their device and asked for ransom to unlock it.
Adware
Adware is malware that automatically delivers advertisements. It’s an acronym for advertising-supported software. Most Adwares are either sponsored or authored by advertisers, and they serve as a revenue-generating tool.
Also, it’s common for adware to come bundled with spyware capable of tracking user activities and stealing information.
RAT or Remote Access Trojans
A RAT is malware designed to provide unauthorized remote access or control of a system without being detected by users or security programs. Once a RAT is installed, it is possible for the Cybercriminals to remotely execute files, access/steal information, change or modify system configurations, install concealed malware, or control the computer as part of a botnet.
Virus
A computer virus is a malicious code or program that alters how a computer operates and spreads from one computer to another. The virus attaches itself to a legitimate program or document supporting macros to execute its code and typically requires user actions (opening a file, running a program, etc.) to spread.
Worms
A Worm is a malware that replicates itself to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. The main difference between Virus and Worm is that a Worm does not require user actions to replicate itself.
3. Email Bombing
An email bomb is a denial of service attack (DoS or DDoS) against an email server, intending to make email accounts unusable or cause temporary network downtime.
A DDoS attack uses Bot Networks to overwhelm the recipient’s defense system. You can refer to our earlier post to understand Bot Networks, how they work and how to stay protected.
Modern email bombs are highly sophisticated and can overwhelm most Anti-spam solutions. Email Bombing can devastate employees’ email inboxes and temporarily disrupt an organization’s ability to communicate.
Cybercriminals may also use email bombing to cover important emails about Bank activities from the victim to make fraudulent online transactions. Spamming the victim’s inbox will distract from the actual damage going on behind the scenes.
4. Phishing Attack
A Phishing attack is an attack where a Cybercriminal pretends to be a reputable source and targets multiple individuals using emails to reveal sensitive information or deploy malware.
Phishing is one of the oldest types of cyberattacks, dating back to the 1990s. It is still one of the most widespread and detrimental, with phishing messages and techniques becoming more and more sophisticated in time.
Following is an example of a phishing email:
Phishing attacks have spread across other electronic channels like phone, SMSes, Whatsapp, Telegram, and social media.
Vishing is the use of phone calls for fraud by tricking people into transferring money or sharing personal information like bank account details or one-time passwords. It is also known as Voice phishing, telephone scams.
The Cybercriminal may ask you to donate for charity, offer a free vacation, buy an extended warranty, etc.
COVID-19 and Phishing
Threat actors are trying to take advantage of the coronavirus pandemic by tricking people using messages pretending from health agencies, government, hospitals, etc. You may get a mail or call using a fake caller ID to appear more legitimate.
5. Scamming
Cybercriminals use fraudulent schemes to dupe victims or steal their identities by tricking them into disclosing personal information. Some examples of scamming include fake
job postings, inheritance notifications, investment opportunities, lottery prize, and fund transfer
6. Spear Phishing
Spear Phishing is a highly focussed attack where the attacker engages the victim using electronic communication (Email, Text Message, a call), pretending to be a trusted entity with the end goal of exfiltering sensitive information, fund transfer, or installing malware.
Spear phishing uses a combination of Email Spoofing, dynamic URLs, and drive-by downloads to bypass traditional defenses.
Email Spoofing
Spoofed emails use email headers to mask the true origin of the Email. The sender address looks legitimate on the surface but is different than what it appears.
For more details regarding Spear Phishing attacks, please refer to our earlier blog post.
7. Business Email Compromise (BEC) Attack
Business Email Compromise attack is where an attacker spoofs an email or text from a higher management executive such as a CEO and trick other employees to ask for an urgent fund transfer or sensitive information. BEC attacks may lead to a massive malware attack, financial loss, or data loss for the organization.
As reported by Forbes, the Toyota Boshoku Corporation, an auto parts supplier, was the victim of a social engineering and BEC (Business Email Compromise) attack in 2019 and lost around USD 37 million. Attackers, using persuasion, persuaded a finance executive to change the recipient’s bank account information in a wire transfer.
8. Whaling attack
Spear Phishing attacks that target high-profile individuals are known as Whaling attacks. Whaling attacks typically target C-level individuals.
Whaling attacks are highly successful because individuals at higher levels are under pressure to make decisions quickly. Added with the sense of urgency in the communication and masquerading as a trusted individual makes them fall easily into the trap.
“Shark Tank” judge Barbara Corcoran was duped nearly $400,000 in an email scam that tricked her staff.
Corcoran mentioned that someone acting as her assistant sent an invoice to her bookkeeper for a renovation payment. She told People that there was “no reason to be suspicious” about the Email since she invests in real estate. Thus the bookkeeper wired $388,700 to the email address.
9. Extortion aka Sextortion
In an Extortion attempt, hackers send emails to a potential victim, claiming that they have compromising photos or videos.
Some of the emails will mention that the user’s computer was hacked, which allowed the hacker to take control of the webcam. Usually, they claim that they have recorded the victim naked while visiting porn sites. They also claim to have access to all victim contacts. Further threatening, that if the extortion amount is not paid, they will send the photos and videos to all the contacts.
10. Clone Phishing aka Conversation Hijacking
In a Clone Phishing attack, attackers resend the copy of an earlier legitimate email by replacing the link or attachment with a malicious one. The Email is typically spoofed and maintains it’s just a resend.
When a victim succumbs to the Email, the attacker can forward the same forged Email to another contact from the victim’s inbox. That makes it one of the most dangerous of the Spear Phishing attacks.
11. Email Account Takeover
Email Account Takeover is a variation of the Business Email Compromise (BEC) attack. Instead of directly attacking the target organization, the Cybercriminals will first get access to a trusted third party’s email account to breach the target.
It is also known as the Vendor Email Compromise (VEC) attack.
12. Data Exfiltration
Emails are a primary channel used for data exfiltration. Data exfiltration can be defined as the act of sensitive data deliberately being moved to outside the organization’s perimeter without permission. Data exfiltration can be done by the employees knowing or unknowingly.
For example, a disgruntled employee can send sensitive data to his personal email id. Another employee can be tricked into it through a Phishing or Spear phishing attack.
How to protect your employees from Email attacks
Unfortunately, there is no full-proof method to block all Email-based attacks; however, by following the tips below, you can significantly reduce the risk of Email attacks:
1. Use modern Anti-spam/Anti-Phishing solutions
Consider a solution that can detect and block Spam and spear-phishing attacks like Business Email Compromise. Machine learning and AI-based solutions can pick anomalies indicating an advanced attack and neutralized the threat effectively.
Also, routinely update/upgrade and audit the anti-spam/anti-phishing to ensure that the required features are enabled and working as expected.
2. Develop strong Standard Operating Procedures (SOP)
Build robust standard operating procedures, especially for fund transfers to any external account and dealing with sensitive data/financial information.
3. Use Anti-spoofing and DMARC
Use features like Anti-spoofing and DMARC to reduce the likelihood of spoofed mail landing in your mailbox.
4. Use a DDoS protection service
Subscribe to a good DDoS protection service from any reputed provider. Several high-quality services are available from Cloudflare, Akamai, Radware, etc.
5. Train your employees
Conduct training sessions with regular mock automated phishing drills. Security awareness training will enable individuals to pick the signs of a spear-phishing attack and take appropriate actions.
6. Trust your gut feeling
Always trust your gut feeling if anything feels off or suspicious and always revalidate. If you get an email or a call from an institution you do business with, like your bank, asking for personal information (e.g., Bank account numbers, Social Security numbers, etc.), revalidate it.
Find that institution’s number, and reach out. If the Email or the call you received was a fraud, please make sure to report it.
7. Share limited information on public platforms
Educate employees about the threats of oversharing their personal information on social media networks like Linkedin, Twitter, or Facebook. The less the bad guys know, the better.
8. Beware of prize or reward offers
Be very cautious if you receive an email regarding prize or reward offers. Do not pay any fee if asked for prizes or rewards offered by Email or phone.
9. Use a DLP solution
A DLP solution can effectively protect sensitive information from going out of your corporate network using the Email channel.
DLP stands for Data Loss Protection, and several good DLP solutions are available in the market. Alternately most Email Security Solutions offer some DLP. You can use the functionality to reduce the risk of data loss.
We hope you liked this information related to types of email attacks and the tips to stay protected. Please do share your thoughts and suggestions with us.
One comment
Pingback: What is Fuzzing: Types, Advantages & Disadvantages | SecurityFocal