Email threats come in a variety of forms. With over 90% of security threats beginning with some form of email attack, it is imperative that organizations educate their users on these forms of attack and take steps to harden their networks against them. Three of the most commonly seen broad categories of email threat are Phishing, Ransomware, and Domain Name Spoofing.
Phishing is a psychological manipulation of users with the intent that they divulge sensitive information that the attacker can use directly or sell to others for malicious purposes. Such information might include login credentials, financial account access or balance sheet information, for example. An email phishing attack will typically come from an authentic-looking sender email address, and include a socially engineered body text. Believing the email comes from a trusted sender, the recipient opens and reads the email text, which entices them to click on malicious links or open infected attachments.
More specialized forms of phishing also exist, among them Spear Phishing and Whaling. In a spear phishing attack, the email purports to come from a trusted source, often within the employee’s own company. The term spear phishing means that the attack is highly targeted vs. an internet-wide phishing scam Since confidential data is routinely shared inside a company firewall between employees, this form of attack is especially insidious to corporations: users can be (and routinely are) tricked into sharing “inside” information.
Whaling is a form of phishing attack that tricks the recipient of an email into thinking that it comes from a high-level executive. Since legitimate email from corporate officers is treated with urgency, the user may overlook the risk in order to respond to what they perceive as something requiring immediate action. This may include the creation of a purchase order, or the approval of an urgent check that needs to be written.
Despite education conducted over the past few years and other efforts designed to make employees aware of the risks associated with fraudulent email, phishing attacks continue to be incredibly successful.
Over 90% of attacks begin with a phishing email, and the cost associated with a phishing attack is represented not only in terms of the money lost, but in lost productivity and potentially the loss of corporate reputation and customer confidence.
A typical ransomware attack attempts to access corporate data or systems, block authorized access to them, and hold them hostage until the organization pays a ransom of some form. This is a violent form of attack on a corporation: the trend is growing in popularity and the threats are becoming more and more sophisticated. Social engineering is in two ways in a ransomware attack: once within the body of an email to get the user to open a malicious attachment, and a second time to create the dread of what will happen if the ransom is not paid.
The number of ransomware attacks is increasing worldwide, which forces corporate IT teams to come up with innovative solutions to combat the threat. But email-based threats like ransomware are costly and difficult to fight with on-site solutions alone. With an on-site solution, by the time the existence of ransomware is known, the threat is already wreaking havoc across the network.
Once ransomware gains access to a company’s systems, it’s too late. In the best cases, only a few isolated computers are held hostage. But if shared network drives are present, the ransomware can propagate across entire corporate networks, quickly bringing the organization to its knees.
Domain Name Spoofing
Sometimes a hacking technique that involves little effort results in the most damage. In a spoofing attack, the hacker deliberately replaces the domain name or email address in the sender or reply to address of an email. This is very commonly seen in spam messages, but is also a powerful technique in phishing emails. When a user sees a “trusted” sender for example, they are more likely to click a malicious link in the email.
Another form of spoofing is changing the domain name in an embedded URL directly, swapping “paypal” with a final lowercase L to “paypaI” with a final uppercase I.
Domain name spoofing is very difficult to detect by eye, but detection software can very simply find such bogus links and warn the user when they are about to navigate to such a site.
Once serious result of URL or domain-name spoofing is identity theft. In this scenario, a user inadvertently clicks on a link that takes them to a site that appears identical to the site they expect to go to. This is typically a login page, in which the user enters their credentials. After the user logs on, the attacker has gained access to their account on real site. If the site is an online banking portal, huge amounts of damage can be done before the user is even aware of the attack.
DuoCircle’s Advanced Threat Defense Protects Against Email Attack
DuoCircle’s Advanced Threat Defense is a multi-layered approach to email threat protection that pulls all the features you need together in a single integrated solution to fight malware, ransomware, and phishing attacks. With Advanced Threat Defense, DuoCircle protects your employees (and your entire enterprise) from the threat of phishing, ransomware, domain name spoofing, and other forms of email threat. Our sophisticated classification engine detects and defends your entire organization against these threats in real-time, and with the highest possible level of accuracy.
Advanced Threat Defense from DuoCircle provides:
- Protection from malware and zero-day attacks, with 100% availability.
- Spam protection that eliminates 99% of all incoming spam with a false positive rate of less than one in ten thousand.
- Unlimited users and unlimited inbound message volume
- Protection against domain name spoofing
- Blocking of malicious attachments.
- Real-time activity logs, with access to the email queue and click reporting
- Smart Adaptive Quarantine, which puts the burden of sorting spam messages on the sender rather than the recipient.
- A thirty-day backup queue – 30 days of MX backup service included
- Chat, email and phone support is available 24/7
Email-borne attacks include ransomware, phishing, malware, and more, and they are becoming more common and more sophisticated every day. DuoCircle’s Advanced Threat Defense pulls together all the tools your organization needs in a single integrated solution to protect and defend your employees from these threats. Using an intelligent classification engine, we detect and these threats in real-time and defend against them with the highest possible level of accuracy. Ransomware is stopped in its tracks before it can wreak havoc on your network.