When Is A Phishing Email Not A Phishing Email? The Taxonomy Of Malicious Emails

By ISBuzz Team
Writer, Information Security Buzz | Mar 23, 2017 05:15 pm PST

Malicious email attacks have dominated the security headlines in recent months, with 2017 already seeing large campaigns targeting Netflix and Amazon customers. Despite the number of incidents, however, many individuals and businesses alike don’t actually know what kind of attacks they are being hit by.

For a business to defend against malicious email attacks, it is essential that it can identify whether it has been hit with a phishing, BEC or ransomware attack. According to the FBI, BEC scams have resulted in losses of £2.4 billion ($3.1 billion) as of May 2016. The effect of a malicious email attack can be devastating: it can lead to financial losses, reputational damage and worse. If one of your employees suspects they have received a malicious email, it needs to be reported to the IT department or a cyber security expert needs to be engaged. They will be able to identify the type of attack and put security in place to prevent any further damage.

To phish or not to phish?

The differences between the content and the methods used to deliver these email attacks can be subtle. If you are aware of them, you might just save yourself and your organisation financial and reputational damage. A consumer phishing attack, sometimes called a scattershot attack, is sent out to many people, in the hope that one of the less security-savvy targets opens it. The email addresses are cleverly spoofed and the imposter uses a fake domain name to create a false identity.

Often an attacker will impersonate a known and trusted brand’s domain and send malicious emails to their customers. Because the email appears to be from a known and trusted sender, a number of customers will open it and likely be asked to follow a link. The link will often redirect them to a fake website where they may be asked to enter or confirm login credentials.

Business email compromise, or BEC, attacks, on the other hand, can come from either an imposter or from a legitimate but compromised account. These types of attacks typically use social engineering methods to create ‘believable’ content for a fraudulent email. They are also extremely targeted, being sent to a few very specific people, for example financial controllers or HR managers of a company.

Ransomware attacks are typically sent from an imposter; however, they can also come from a compromised account. Like BEC attacks, they are often targeted and use social engineering techniques to create ‘believable’ content that convinces people to open a malware-infected document or click on a malicious link.

Thanks to the huge volume of emails arriving every day, it can be difficult to differentiate between truly malicious emails and “grey mail”. These are annoying emails which fill up our inboxes or spam folders but are usually harmless, such as newsletters and advertisements. Over time your email authentication software will learn which domains are malicious and which are just grey mail.

Prevention is better than cure

There is no one solution which can prevent all malicious email attacks. Email authentication is an essential component of achieving a trusted email channel, but it will not stop all attacks.

To defend against all email attacks, organisations need to implement a multi-layered security system. Using authentication technology which can identify and confirm the sender is more effective than using a programme which bases its decision on what to do with an email on its content. Over time the software begins to recognise increasing numbers of email addresses and domains and remembers previous actions taken for each one. This type of email solution will go a long way to protecting an organisation and its employees against malicious email attacks. Unfortunately, if an attacker gains access to an employee’s genuine email account and uses it for malicious purposes, this type of activity can only be detected by targets noticing that the message is out of character or going against policy.
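The sender-identity triage described above, as an added example that is not from the article: it separates an imposter from an authenticated sender and shows why a hijacked genuine account still passes. It assumes the receiving mail server records a DMARC verdict in an Authentication-Results header; the domain list, server id, 0.85 similarity threshold and sample messages are hypothetical and constructed.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

KNOWN_DOMAINS = {"example-bank.com", "corp.example"}  # hypothetical trusted senders
OUR_AUTHSERV_ID = "mx.corp.example"  # hypothetical id our own mail server stamps

def sender_domain(msg):
    """Lower-cased domain of the address in the From header."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def dmarc_result(msg):
    """DMARC verdict from our own server's header; others may be sender-forged."""
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = header.partition(";")
        if authserv_id.strip().lower() != OUR_AUTHSERV_ID:
            continue
        found = re.search(r"\bdmarc=(\w+)", results, re.I)
        if found:
            return found.group(1).lower()
    return "none"

def lookalike_of(domain):
    """Known domain that this unknown domain closely imitates, or None."""
    close = [k for k in sorted(KNOWN_DOMAINS) if SequenceMatcher(None, domain, k).ratio() >= 0.85]
    return close[0] if close else None

def triage(raw):
    msg = message_from_string(raw)
    domain, verdict = sender_domain(msg), dmarc_result(msg)
    if domain in KNOWN_DOMAINS:
        # A hijacked genuine account also passes: authentication cannot see it.
        return "authenticated" if verdict == "pass" else "imposter: spoofed domain"
    twin = lookalike_of(domain)
    return f"imposter: lookalike of {twin}" if twin else "unknown sender"

def mail(sender, auth):  # builds a constructed sample message
    return f"From: {sender}\nAuthentication-Results: {auth}\nSubject: Invoice\n\nHi\n"

SAMPLES = {  # constructed messages, not real traffic
    "spoofed": mail("Bank <help@example-bank.com>", "mx.corp.example; dmarc=fail"),
    "forged-header": mail("help@example-bank.com", "evil.example; dmarc=pass"),
    "lookalike": mail("help@examp1e-bank.com", "mx.corp.example; dmarc=pass"),
    "hijacked": mail("cfo@corp.example", "mx.corp.example; dmarc=pass"),
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} -> {triage(raw)}")
```

The "hijacked" sample returns "authenticated", which is the gap the paragraph describes: only the recipient noticing out-of-character content can catch it.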

Each attack requires its own solution – there is no ‘one size fits all’ approach to preventing cyberattacks. By understanding the techniques, targets and motivations behind each kind of malicious email, businesses can be better prepared to understand the solutions that will prevent them.

About Markus Jakobsson
