What are some types of email security threats? Print

Email security threats come in many forms:

• Spam is any type of unwanted, unsolicited digital communication that is sent out in bulk.
• Phishing is a common attack technique that utilizes deceptive communications (including email, instant messages, SMS, and websites) from a seemingly reputable source in order to gain access to sensitive information.
• Business email compromise (BEC) involves phishing emails that use impersonation and company knowledge to trick employees to wire money or data, or to change bank account information.
• Account takeover (ATO) also known as account compromise, occurs when a cyber attacker gains control of a legitimate account. Once they have control of an account, they can launch a variety of attacks, such as supply-chain phishing, data exfiltration, financial fraud, etc.
• Malware is an application written with the intent of causing damage to systems, stealing data, gaining unauthorized access to a network, or generally wreaking havoc.
• Ransomware is a form of malware that infects systems and encrypts files. The user cannot access their data until a ransom is paid in exchange for a decryption key. Once the ransom is paid, a user can only hope that the attacker will provide the decryption key and permit them to regain access to their files.
• Advanced persistent threats (APTs) are complex attacks intended to establish an illicit, long-term presence in a network in order to collect highly sensitive data or compromise an organization’s operability.
• Zero-day exploits refer to a vulnerability that is actively being exploited in the wild, but is not yet known to the software provider. Thus, a software patch to fix the exploit is unavailable.