Spotting the threat – 13 types of email threats
1. Account takeover (ATO)
Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user’s account credentials. Cybercriminals use brand impersonation, social engineering, and phishing to steal login credentials and access
Once the account is compromised, hackers monitor and track activity to learn how the company does business, the email signatures they use, and the way financial transactions are handled. This helps them launch successful attacks, including harvesting additional login credentials for other accounts.
Combatting account takeover requires a variety of strategies:
- Identifying the signs of phishing emails that could lead to account compromise.
- Recognizing signs of brand impersonation and URL spoofing.
- Fortifying yourself against social engineering tactics by knowing how social engineers operate.
The sample shown is typical of emails that lead to account takeover.
2. Lateral Phishing
With lateral phishing, attackers send phishing emails from hijacked accounts to contacts within and outside of the company to spread the attack more broadly. Because these attacks come from a legitimate email account and appear to be from a trusted colleague or partner, they tend to have a high success rate.
Despite these facts, targets can prevent lateral phishing from succeeding by:
- Being skeptical of emails from partners that are written in a different tone or style.
- Being wary of any requests for financial or confidential information.
- Verifying the sender’s identity with a phone call.
- Having a manager or colleague weigh in if you’re unsure.
- Alerting your IT team if you notice anything suspicious, as it could be part of a larger attack.
The sample shown highlights an example of lateral phishing.
3. Brand Impersonation
Brand impersonation is designed to mimic a familiar company or business to trick victims into responding and disclosing personal or otherwise sensitive information. Common types of brand impersonation include service impersonation, a phishing attack designed to harvest login credentials for personal or business accounts, and brand hijacking, whereby fake or spoofed domain names provide the illusion of legitimacy.
Brand impersonation can be difficult to detect when executed well, but spoofing a brand convincingly can prove equally challenging for cybercriminals. By paying close attention to things like:
- logo use and placement
- adherence to brand colours and overall design
- copy, tone and overall content
- domain names and web addresses
you can spot irregularities and potential spoofing attempts. The sample shown indicates signs of brand impersonation.
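The "domain names and web addresses" check can be partly automated in a mail-triage script. The sketch below is an added example, not part of the original article; the allow-list, the homoglyph table and the function names are assumptions chosen for illustration, and the sample domains are constructed.

```python
import re

# Constructed allow-list of domains the organisation really deals with.
TRUSTED = {"examplebank.com", "contoso.com"}

# Common visual substitutions seen in spoofed names (assumed, not exhaustive).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def skeleton(name):
    """Fold look-alike characters so 'examp1ebank' and 'examplebank' compare equal."""
    name = name.lower()
    for fake, real in HOMOGLYPHS:
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain, trusted=TRUSTED):
    """Return (verdict, matched trusted domain or None) for a sender or link domain."""
    d = sender_domain.lower().rstrip(".")
    for t in trusted:
        if d == t or d.endswith("." + t):
            return "trusted", t
    labels = d.split(".")
    for t in sorted(trusted):
        brand = t.split(".")[0]
        n = len(t.split("."))
        tail = ".".join(labels[-n:])  # compare the same number of labels
        # 1. Typo or homoglyph of the whole domain, e.g. examp1ebank.com
        if edit_distance(skeleton(tail), skeleton(t)) <= 1:
            return "lookalike", t
        # 2. Brand name used as a label or hyphenated word in an unrelated domain
        if any(brand in re.split(r"[-_]", skeleton(l)) for l in labels):
            return "lookalike", t
    return "unknown", None

if __name__ == "__main__":
    for s in ("mail.contoso.com", "examp1ebank.com", "contoso-billing.example"):  # constructed
        print(s, classify(s))
```

A "lookalike" verdict is a reason to quarantine or flag the message for review; an "unknown" verdict only means the domain does not resemble anything on the allow-list.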