There has been a jump in cybercrime ever since COVID-19 forced millions of Canadian workers into remote work. Digital communication in the form of messaging platforms (Slack, Microsoft Teams, Google Chat) and emails have replaced, to a large extent, the natural verbal communication people are accustomed to. So it’s no surprise cyberattackers have tried to manipulate these channels of communication.
Nearly 50% of Canadians have received a fraudulent email this year, but that number is probably much higher. IT support services constantly update email filters to block a lot of fraudulent emails. However, not everything can be blocked as criminals are constantly evolving new ways of attack.
Read about the nine most common types of email threats in 2020-2021.
The nine most common types of email threats
Know this about email attacks: today, most are ‘socially engineered.’ That means they will try to persuade the user into performing an action. If you think you are being pushed into acting hastily or carelessly, it may be better to verify the request with the sender of the email.
- Spam – Spam is a broad term for bulk email messages that you may or may not have signed up for. They tend to impersonate brands or push lucrative scams. Most spam emails generally get found out by users themselves or end up blocked by spam filters set up by IT consulting services.
- Malware – Malware emails contain ‘malicious software.’ This can be hidden in a tainted attachment, as a download linked to an external source, or even be hidden in the email code. Malware emails can introduce spyware, ransomware, viruses, Trojans, and worms onto the machine/network.
- Exfiltration – Data exfiltration emails try to steal data from the user. Emails may try and force users to transfer data manually or include code that steals data remotely.
- Phishing emails – Phishing is one of the most common types of email threats. A socially engineered attack, phishing tries to compel users to make snap decisions. Emails pretend to come from a trustworthy source and demand immediate payment or information sharing.
Since the start of the pandemic, more than 1 in 3 Canadians have been targeted by phishing attacks.
Don’t be fooled by common advice that phishing emails are easy to spot because of poor language – our IT support services in Oakville see sophisticated fraudulent emails often!
- URL phishing – With this type of attack, a cybercriminal tries to redirect the recipient to a fraudulent website under the pretext of requiring login details or payment information. Websites impersonate those of legitimate businesses.
- Spear phishing – These emails are extremely personalized after the attacker has researched the recipient closely. Emails closely resemble official employer/vendor/bank emails. They also appear to be sent from a recognizable email address. The goal is simple: build trust and steal sensitive, confidential, or financial information.
The ‘Fake CEO’ email is a common spear phishing tactic, where the ‘CEO’ of the company writes to you urgently to transfer funds or provide information.
- Scamming – Scammers use fake schemes to try and coerce victims into handing over personal information. Fraudulent job postings, inheritance notifications, lottery winnings, and investment opportunities are popular examples of scamming.
- Domain impersonation – Also called “typo-squatting,” is when cybercriminals purchase ‘lookalike; domains. For instance, ‘mircosoft.com’ (don’t visit it) instead of the genuine Microsoft.com. Users are led there by mimicking promotional or support emails.
- Brand impersonation – Sophisticated emails that mimic official communication from a brand you transact with. These can be from the bank, a service provider, or even an online eCommerce account. The attacker gathers information piece by piece to ultimately take over your account.
These types of email threats are constantly evolving, and no email filter can ever provide 100% protection. At NUMENTIS, our IT consulting services help businesses across Oakville & GTA to maximize threat protection. We bolster IT protection with regular virtual training sessions for employees and reduce the risk of data breaches.
Speak to us today and upgrade your email readiness!