Malicious emails can lead to data breaches and ransomware attacks

Yogi SchulzMalicious emails are a significant cybersecurity risk for many organizations. Email remains an important communication method for most organizations even though personal communication is migrating more to text, Facebook Messenger, LinkedIn Message, WhatsApp and various Asian apps.

However, organizations continue to receive malicious emails that lead to data breaches and ransomware attacks that are:

  1. Disruptive to business operations.
  2. Expensive to recover from.
  3. Embarrassing to the reputation of the organization.

Organizations can significantly reduce the risk and severe damage of successful email attacks by:

Related Stories
How to reduce the risk of phishing attacks

Protect yourself from financial phishing

Why website trackers are dangerous for Canadians

  1. Training their employees to recognize suspicious emails and not respond.
  2. Implementing Advanced Endpoint Protection (AEP) on their internal network. AEP typically includes antivirus, firewall and proactive network traffic monitoring.
  3. Implementing spam filtering on their email servers to complement what their Internet service provider (ISP) is already doing.
  4. Turning on the spam filter on every workstation.
  5. Implementing multi-factor authentication (MFA).
  6. Implementing challenge questions that only the actual employee can answer.
  7. Keeping their operating systems and browser software up to date on all internal computing devices.

The major types of malicious email attacks are:

Phishing attacks

Phishing attacks consist of fake emails sent to unsuspecting employees. Fake emails contain a link to a website controlled by the attacker. Phishing emails aim to acquire your employees’ login credentials as a prelude to impersonating the employee or stealing their identity.

When an unsuspecting employee clicks on the link, a web page appears. An example fake web page that impersonates TD Bank is shown below. You can tell it’s fake because, in the address line, TD Bank is not part of the domain name and because the web page does not use HTTPS for encryption as all banks and most other websites do.

The unsuspecting employee then enters their credentials to log in. However, no actual login will occur. The attacker captures the credential information and displays a confusing dialogue box about the server being down.

Login credentials have become more powerful in their capability. As the use of single login services to multiple applications and cloud-based tools and applications such as Microsoft Office 365, G Suite, Zoho, and ERP system increases, the potential disruptive impact of someone impersonating an employee has grown enormously.

Other examples of phishing attack emails include requests:

  1. For payment of a supposed outstanding invoice.
  2. To reset your password or verify your account.
  3. For verification of purchases you never made.
  4. To confirm billing information.

The attacker then uses the stolen login credentials to:

  1. Steal company data for resale.
  2. Initiate payment of fake invoices while impersonating the employee.
  3. Mount a ransomware attack.
  4. Clean out personal bank accounts using the identity of the employee.
  5. Create horrific posts on social media that undermine the reputation of the organization and the employee.

Malware attacks

Malware attacks start with fake emails sent to unsuspecting employees. Every malware email aims to lure employees into double-clicking on an attachment icon. Masquerading as a document, the attachment is, in reality, a malware program that, if executed, can propagate itself to many workstations and servers on the network.

The malware program communicates its successful infiltration to the attacker’s control server. The attacker will then use the malware program to initiate one of the following actions:

  1. A data breach of sensitive corporate data and personal information of customers and employees for resale.
  2. A ransomware attack by encrypting the files on the infiltrated network.

For more information about phishing, read this article: Why your phishing defence strategy needs to involve humans, not just tech

Yogi Schulz has over 40 years of information technology experience in various industries. Yogi works extensively in the petroleum industry. He manages projects that arise from changes in business requirements, the need to leverage technology opportunities, and mergers. His specialties include IT strategy, web strategy and project management.

For interview requests, click here.

The opinions expressed by our columnists and contributors are theirs alone and do not inherently or expressly reflect the views of our publication.

© Troy Media
Troy Media is an editorial content provider to media outlets and its own hosted community news outlets across Canada.