You receive an email, you are unfamiliar with the sender's name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.
Malicious Versus Benign
According to Symantec, 55.5 percent of business emails are considered spam emails, with the average business account getting about 104 emails per day, resulting in a great deal of opportunity for misreported emails.
This is not to say that spam won't contain malware as well, but it does further highlight the importance of a strong training and education program or positive security culture in place.
Reported Email Types
To underscore the importance of timely email analysis, we’ve compiled 11 examples of reported emails that demonstrate the range of threats organizations face daily. Each one highlights how phishing tactics continue to evolve and why a proactive, informed response is critical to minimizing risk.
Legitimate email
It happens all the time. An unfamiliar email gets reported, but it is actually legitimate. Between scams encouraging wire transfers, the overabundance of spam, and the occasional forgetful person, legitimate emails do get reported. Without a monitoring process in place, these emails may end up in a black hole, leading to missed information or opportunities.
Spam
Spam emails—ranging from junk, poor sales pitches, and unsolicited vendor outreach—often outnumber legitimate messages in our inboxes. While these aren't typically malicious, they can still slip past filters just like phishing emails. Platforms like Gmail offer a “Report Spam” button, while Outlook provides options to mark messages as junk or, with a bit more effort, report them as phishing. Some organizations also include a dedicated “Report Phish” button, which can lead to an increase in misreported spam. Fortunately, most of these messages end up in the email black hole and few will be missed.
Phish
According to our data, phishing attacks are the most reported type of email. This is both a strong indicator of successful training, and an unfortunate reality as phishing attacks are still constant. To get a better understanding of why phish are so impactful, here are some additional threats that are often delivered by way of phishing attacks:
419 Scam
419 Scams, often associated with the infamous “Nigerian Prince” scheme, can take many forms. These messages typically involve emotional appeals or claims from supposed government officials or businesspeople, all promising a large payout in exchange for a small upfront wire transfer. The story usually goes: Once you send the money, they’ll use it to access a larger fortune and reward you generously which, of course, never happens. While most arrive via email, these scams can also be delivered through faxes or physical letters.
Payload Link
A payload link takes a bit more hands-on work from the user, but they are still an effective attack. While newer technology helps to curb this, older versions of Microsoft Office are particularly vulnerable due to the use of macros. First, the user will open an email and download or open an attachment, it will say something along the lines of needing to enable macros so that you can see the content, and then the payload does its intended damage. The same types of attacks are also now being employed on mobile devices.
Ransomware
In May 2017, the cybersecurity world was rocked by the WannaCry ransomware attack, which impacted over 300,000 users globally. Victims were locked out of their Windows systems and told to pay a ransom in Bitcoin to regain access. WannaCry is just one example — ransomware comes in many forms and can spread through phishing emails, malicious websites, or by exploiting vulnerabilities in unpatched systems. These attacks continue to evolve, making vigilance and layered defenses more critical than ever.
DocuPhish
Paper contracts are still a thing, but digital signatures are just as common. As a result, DocuPhish builds upon the growing trend and attackers will create fake replicated sites, HTTPS and all, in an effort to get you to sign over sensitive personal and financial information.
Business Email Compromise (BEC)
Business email compromise or BEC are highly targeted email attacks that go after your C-suite or financial department. In many cases these emails are designed to look like a vendor request for payment, paying an invoice, or other previously approved relationship. Unfortunately, businesses fall for this attack on a regular basis, and training would be the biggest defense against it. To prevent BEC, all you need to do is verify the transfer internally or with the vendor.
Job Scam
Make money fast from home… the email subject line reads. Sure, you knew that was a scam (hopefully), but there are numerous other types of job scam emails that are savvier. Emails now can easily be rebranded to look like it came from LinkedIn or any of the other job sites, all with the guise of taking you to a compromised or malicious site. Some email job scams will even go so far as turning into a 419 scam.
Crimeware
Ever spotted an unfamiliar charge on your credit card statement? For many, this is an all-too-common experience and one possible culprit is crimeware. Crimeware is a type of malware designed to steal financial, retail, and even sensitive business information, often operating silently in the background until damage is done.
Remote Access Trojan (RAT)
Remote Access Trojans or RATs are particularly nasty and can be dropped on your system through compromised software or through an email attachment. RATs act as a back door, allowing the attack to practically do anything from dropping a keylogger on your system, taking screenshots, accessing all your files, and even formatting your hard drive.