Approximately, 319 billion emails are sent and received daily and this figure is expected to increase to 376 billion by 2025. That’s a lot of emails! But let’s be honest despite this staggering figure emails are, and will remain to be, a key function of your business. All it takes is one interception for a perpetrator to get hold of your login details, or place a malicious link or piece of software to compromise your business.
Common types of email phishing attacks
Let’s take a look at four of the most common types of email phishing attacks which could occur to your business:
What is Email Bombing?
Email bombing is a tactic used by cybercriminals when an account has been compromised, for example, the perpetrator has acquired your login details during a breach. A victim’s inbox will be flooded with an innumerable amount of emails rapidly filling up their inbox. The real attack will be masked, such as confirmation emails for financial transactions using your account.
What Are Phishing Emails?
Phishing emails are a type of attack that tricks people into taking an action from emails and messaging services. This is done with malicious links or attachments.
Read also: How to Identify and Avoid Phishing Attacks
What is Spear Phishing?
Spear phishing is a specific type of phishing attack which is more advanced and directed at specifically targeted users. Cybercriminals impersonate a trusted entity to obtain confidential information or steal money.
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a specific type of phishing attack that uses social engineering and human vulnerability to gain access to sensitive data and information. BEC typically targets high-level executives, CEO, or managers in the HR or finance departments.
How To Protect Your Emails From Cyber-Attacks
There are several ways in which you could defend your business against cyber-attacks, but we are going to explore the following; implementing a multi-layered security approach and digitally signing and encrypting your emails.
Implement A Multi-layered Security Approach
A multi-layered approach can improve your resilience against phishing whilst minimising disruption and maximising the number of opportunities a email attack could be detected.
Start by making it difficult for attackers to reach users by implementing anti-spoofing controls, and filter or block incoming phishing emails. You should also consider what information is publicly available via tools such as your website or social media.
Then you should help educate users and employees how to identify and report suspected phishing emails and what steps to take should they suspect an email to be of an attacking nature.
Layer three should be about protecting your organisation from the effects of undetected phishing emails with the use of multi-factor authentication, regularly backing up files and important data, and reviewing processes which could be exploited.
Finally, respond quickly to incidents. Create an Incident Response Plan (IRP) and rehearse this so that people are aware of their responsibilities.
Digitally Signing and Encrypting Your Emails
Typically this would fall under the third layer, protecting your organisation. But let’s look at it in a little more depth. At the end of an email, you would sign-off with your name and core company details (website, telephone number etc.). But how does the recipient know that it’s you? And if sending important information via email, how does it remain untampered with?
In short, you don’t.
This is where a protocol called S/MIME, or Secure/Multipurpose Internet Mail Extensions, comes in.
S/MIME is built on Public Key Infrastructure (PKI) technology and is based on two cryptographic functions; digital signatures and encryption.
- Digital signatures - content is digitally signed with an individual’s private key and is verified by the individual’s public key
- Encryption - content is encrypted using an individual’s public key and can only be decrypted with the individual’s private key
Implementing S/MIME can automatically bring a host of security and administration benefits to your business and address the leading email attack vectors without requiring extensive user training or IT resources to deploy and manage.