The Hidden Dangers Lurking In Your Inbox

Anna Lazaricheva, a cybersecurity expert at Kaspersky, emphasizes the critical need for robust email security as spam comprised 45.60% of global email traffic in 2023. She highlights the hidden threats within spam, such as phishing and malware, urging organisations to adopt comprehensive protective measures and employee education to mitigate these risks.

According to estimates by Kaspersky experts, the average share of spam in global email traffic in 2023 was 45.60%. This deluge of unwanted emails not only clogs up inboxes, but also consumes a significant amount of time and resources. On average, each year, employees spend between 5 and 18 hours sorting through spam, and when scaled to an organization with hundreds of employees, this translates into huge amounts of lost productivity.

Yet, the wasted time is just the tip of the iceberg. The true peril lies in the hidden threats that spam can conceal. Phishing emails and malicious messages can lead to the loss of confidential data, posing severe financial and reputational risks for companies.

Given the diverse and evolving nature of email threats, it is crucial for business owners and managers to understand the various forms these threats can take. For instance, particularly inventive fraudsters may not send phishing links or malicious files in the first email, but instead attempt to start a dialogue first.

In the article below we will examine the most prevalent and pressing email threats that have been observed and prevented by Kaspersky over the years, shedding light on how they operate and the potential damage they can inflict on an organization.

Phishing
Phishing emails are designed to deceive recipients into revealing sensitive information, such as login credentials or banking details. These emails often appear legitimate, mimicking trusted entities to lower the recipient’s guard.

Phishing attacks can lead to substantial monetary losses. Phishing emails can cause data breaches by tricking employees into revealing their login credentials. Once attackers gain access to a business’s systems, they can steal confidential information, including customer data, proprietary business information, and other sensitive materials.

Phishing typically spreads through links embedded in the email text or within attachments, often PDF or HTML files. An HTML attachment can even be a phishing page itself. Additionally, phishing links can be presented as QR codes within the email.

Fraudsters use a wide variety of tactics to convince users to click on phishing links. The themes and strategies they employ can be extremely diverse, making it difficult to strictly categorize them. This diversity makes phishing a persistent and adaptable threat that requires constant vigilance. Nowadays, the most topical and popular themes are as follows:

  • Notifications: Often these are warnings about the need to urgently confirm an email account or any other service. There may also be other notifications, such as claims that important messages are stuck and not arriving in the inbox.

Example of notifications about suspended emails. To fix the issue and read the emails, the recipient is asked to click a phishing link that looks like an official account sign-in.

  • Business correspondence: Another pretext to open a phishing link is a document sent to the user, which can be viewed and downloaded by following the link provided in the message. These documents can vary greatly: invoices, delivery notes, or purchase orders.

  • Shipping and Delivery: In the context of shipping, phishing emails often contain a deceptive link that the victim is urged to click, ostensibly to read a shipping document, as described above. However, the pretext for clicking the link can also be the need to confirm a pending delivery of goods, for instance, because of an incorrectly specified delivery address or a lack of delivery information. These messages are often sent on behalf of well-known international companies such as DHL or DPD.

Vishing
Voice phishing, or vishing, is a type of phishing that aims to extract sensitive information or money through telephone communication. In terms of email threats, vishing involves fraudulent emails that prompt recipients to call a phone number to resolve a fake issue. Typically, these numbers are listed either in the email text or in attached DOC or PDF files.

Notification from PayPal about suspicious activity involving a transaction. If the user did not make the transaction, they need to call the provided phone number to request a refund

Business Email Compromise (BEC)
Business Email Compromise (BEC) attacks are highly targeted and sophisticated, aiming to trick specific individuals within an organization into making unauthorized financial transactions or divulging confidential information.

The fraudster’s initial goal is to convince the victim to respond to their message, initiating a dialogue. This allows the fraudster to build trust and manipulate the victim into performing actions that are harmful to the victim’s company. This gradual process of engagement often makes the attack harder to detect until significant damage has been done.

Often, the sender’s field contains the name and surname of a high-ranking individual in the targeted company, such as the CEO. However, the sender’s email address is typically suspicious, not being a corporate email but rather an unknown address, often with a free email domain.
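The mismatch described above (an executive's name in the display field, a non-corporate address behind it) can be checked mechanically. The following is an added example, not Kaspersky's detection logic; the corporate domain, executive names, free-mail domain list and sample headers are all placeholders assumed for illustration.

```python
import re
from email.utils import parseaddr

# Placeholder values assumed for this example; replace with your own.
CORPORATE_DOMAINS = ("example.com",)
EXECUTIVES = ("Jane Doe", "John Smith")
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}

def name_tokens(name):
    """Reduce a name to a set of lower-case words so order and case do not matter."""
    return frozenset(re.findall(r"\w+", name.lower()))

def is_corporate(domain):
    """True for a corporate domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in CORPORATE_DOMAINS)

def check_sender(from_header):
    """Flag a From header that names an executive but uses a non-corporate address."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    tokens = name_tokens(display)
    executive = next((e for e in EXECUTIVES if name_tokens(e) <= tokens), None)
    findings = []
    if executive and not is_corporate(domain):
        findings.append("exec-name-external-domain")
        if domain in FREE_MAIL_DOMAINS:
            findings.append("free-mail-domain")
    return {"executive": executive, "domain": domain, "findings": findings}

# Constructed sample headers, not taken from real traffic.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    '"Jane DOE" <ceo.office@gmail.com>',
    "John Smith <j.smith@supplier.example.net>",
    "Alice Brown <alice@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header)["findings"])
```

Display names sent in RFC 2047 encoded form need decoding before this comparison, and a hit is a reason to verify the sender through another channel rather than proof of fraud.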

Malware
Malicious emails are messages containing, as a rule, harmful attachments or links. When opened or clicked, these can download malware onto the recipient’s device, leading to data breaches and system damage.

Malware can spread in various ways. Typically, we encounter emails with malicious attachments, such as archives containing malware, for example, in the form of executable files or infected Microsoft Office documents. Additionally, these emails may contain download links, which can be found both in the body of the email and in attached files (PDF, DOC).
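The attachment types named in this article (executables inside archives, Office documents that can carry macros, HTML attachments) can be surfaced by a simple triage pass over a message. This is an added example, not Kaspersky's code; the extension list is an assumption, and the sample message is constructed from placeholder bytes.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension-to-label map assumed for this example; tune it to your own policy.
RISKY = {".exe": "executable", ".scr": "executable", ".js": "executable",
         ".xls": "macro-capable-office", ".doc": "macro-capable-office",
         ".xlsm": "macro-capable-office", ".docm": "macro-capable-office",
         ".html": "html-attachment", ".htm": "html-attachment"}

def classify_name(filename):
    """Label a file by its final extension, so 'order.pdf.exe' counts as executable."""
    return RISKY.get(PurePosixPath(filename.lower()).suffix)

def triage(msg):
    """Return (name, label) pairs for risky attachments, looking inside ZIP archives."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        label = classify_name(name)
        if label:
            findings.append((name, label))
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    inner = [(f"{name}!{n}", classify_name(n)) for n in zf.namelist()]
                findings.extend(item for item in inner if item[1])
            except zipfile.BadZipFile:
                findings.append((name, "unreadable-archive"))
    return findings

def build_sample():
    """Constructed message with placeholder bytes; nothing here is a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order_2024.pdf.exe", b"placeholder")
    msg = EmailMessage()
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="documents.zip")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="vnd.ms-excel", filename="statement.xls")
    msg.add_attachment("<html></html>", subtype="html", filename="sign-in.html")
    msg.add_attachment(b"placeholder", maintype="application", subtype="pdf",
                       filename="delivery_note.pdf")
    return msg

if __name__ == "__main__":
    print(triage(build_sample()))
```

Extension checks only narrow down what deserves a closer look; a renamed file passes them, so they complement content scanning rather than replace it.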

Fraudulent schemes in malware emails tend to be less varied than in phishing emails. Generally, the user is prompted to open and download a document. In other words, the main fraudulent method here is disguising malicious messages as business correspondence.

Notification from a well-known bank. The attachment is a malicious XLS file

Email attacks are faced by all types of organizations, but are especially dangerous to small and medium businesses. Fraudsters continually develop new techniques to deceive recipients and bypass security measures, causing reputational risks, data breaches, and financial troubles. This relentless evolution requires an equally persistent response strategy.

At Kaspersky, we are committed to staying ahead of these threats by continuously improving our detection methods. By leveraging advanced technologies, we provide high-level protection against email threats while maintaining a minimal rate of false positives. Our ongoing efforts ensure that businesses can operate with greater confidence and security in an increasingly digital world.

To avoid the negative consequences of spam and email threats, Kaspersky recommends organizations take the following steps:

  • Switch on the anti-spam or junk email function in your mail service if there is no dedicated solution as an add-on. This feature should decrease the spam flow.
  • Educate employees to recognize spam and especially phishing emails by looking at such signs as the sender’s address, executable files or files with macros in attachments and calls to action. Only open attachments and click links if you are sure you can trust the sender. When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication. Specialized courses, such as Kaspersky Automated Security Awareness Platform, can help.
  • Implement dedicated protection for mail servers, such as Kaspersky Security for Mail Server with a solid set of anti-phishing, anti-spam, and malware detection technologies.
  • Use a reliable solution such as Kaspersky Next, available in three product tiers, so that a business can choose the tools it needs right now and then switch up easily when needed.