By The PhishLabs Team | January 18, 2018
You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.
Malicious Versus Benign
According to Symantec, 55.5 percent of business emails are considered spam emails, with the average business account getting about 104 emails per day, resulting in a great deal of opportunity for misreported emails.
This is not to say that spam won’t contain malware as well, but it does further highlight the importance of having a strong training and education program or a positive security culture in place.
Reported Email Types
In December, our Founder and CTO, John LaCour, discussed the importance of a strong monitoring process and timely analysis of reported emails. During the webinar, John also broke down some of the types of emails we see on a daily basis, and how each can potentially impact your business. To further drive home the importance of timely analysis, here’s a look at 11 different types of reported emails:
It happens all the time. An unfamiliar email gets reported, but it is actually legitimate. Between scams encouraging wire transfers, the overabundance of spam, and the occasional forgetful person, legitimate emails do get reported. Without a monitoring process in place, these emails may end up in a black hole, leading to missed information or opportunities.
Junk, bad sales opportunities, vendors soliciting you with services. We likely get more spam emails on a daily basis than regular ones, but that doesn’t necessarily mean spam is malicious and should be reported. And just like phishing emails, the auto-detecting filters don’t always catch it. Some systems like Gmail or Google Apps have a button to report an email as spam, whereas platforms like Outlook allow you to report it as junk or, with a bit more digging, as a phish. On top of this you may also have a dedicated report phish button, which in turn may lead to an increase of misreported emails that are simply spam. However, nobody will really miss these if they fall into the email black hole.
If you’re on our blog, there is a good chance you already know what a phish is. According to our data (as of December 2017), phishing attacks are the most reported type of email. This is both a strong indicator of successful training, and an unfortunate reality as phishing attacks are still constant. To get a better understanding of why phish are so impactful, here are some additional threats that are often delivered by way of phishing attacks:
419 Scams, also sometimes referred to as the Nigerian Prince scams, can come in quite a few forms. From sob stories to government officials and businesspeople, these emails typically seek out a wire transfer with a supposed big payout after helping them out. You send them a bit of money, and once they’ve supposedly used that money to access their full account, you’ll receive an exorbitant amount of it, which is obviously not true. These can also come in by way of faxes and letters.
A payload link takes a bit more hands-on work from the user, but it is still an effective attack. While newer technology helps to curb this, older versions of Microsoft Office are particularly vulnerable due to the use of macros. First, the user opens an email and downloads or opens an attachment; the attachment says something along the lines of needing to enable macros so that you can see the content, and then the payload does its intended damage. The same types of attacks are also now being employed on mobile devices.
In May of 2017 one of the largest cyber security conversations turned towards the WannaCry ransomware attack that affected more than 300,000 people. In the attack, Windows users were locked out of accessing their information unless they provided the attacker with a bitcoin transfer. Like the WannaCry attack, there are numerous other types of ransomware out there. These attacks can come through emails, through visits to malicious or compromised websites, or by being dropped onto vulnerable systems.
Paper contracts are still a thing, but digital signatures are just as common. DocuPhish builds upon this growing trend: attackers create fake replica sites, HTTPS and all, in an effort to get you to sign over sensitive personal and financial information.
Business Email Compromise (BEC)
Business email compromise, or BEC, is a highly targeted email attack that goes after your C-suite or financial department. In many cases these emails are designed to look like a vendor request for payment, an invoice to be paid, or another previously approved relationship. Unfortunately businesses fall for this attack on a regular basis, and training would be the biggest defense against it. To prevent BEC, all you need to do is verify the transfer internally or with the vendor.
Make money fast from home… the email subject line reads. Sure, you knew that was a scam (hopefully), but there are numerous other types of job scam emails that are more savvy. Emails can now easily be rebranded to look like they came from LinkedIn, Careerbuilder, or any of the other job sites, all with the aim of taking you to a compromised or malicious site. Some email job scams will even go so far as turning into a 419 scam.
Have you ever looked at your credit card statement to find something out of place? For many of us this is a simple reality and one potential cause is crimeware. Crimeware is a type of malware that goes for your financial, retail, and even confidential or sensitive business information.
Remote Access Trojan (RAT)
Remote Access Trojans, or RATs, are particularly nasty and can be dropped on your system through compromised software or through an email attachment. RATs act as a back door, allowing the attacker to do practically anything, from dropping a keylogger on your system and taking screenshots to accessing all your files and even formatting your hard drive.