October is the National Cyber Security Awareness Month. Swiss Cyber Institute is delighted to share helpful cyber tips and best practices to make you more cyber aware. When it comes to information security, everyone plays a part. Hence, we understand the importance of helping inform as many individuals as possible about this important topic. In this article, we shed light on email security awareness and provide great tips for email security. Keep on reading, we promise it is going to be insightful.
An introduction to email security
It goes without saying that electronic mail or simply email is the most commonly used method for exchanging information over the internet, thanks to its convenience and speed. Although it is seen as a global enabler of communications and collaboration, it puts businesses at risk, as a result of which email security has gained massive popularity and become an important matter. Email is one of the largest single attack vectors, and we are clearly aware of the risks your organization faces when trying to protect against the day-to-day scourge of threats. Email usage continues to rise. Given that, great email security begins with a thorough understanding of the threat in the first place.
Two common email threat scenarios
Cybercriminals are using email to introduce malware into corporate systems and steal sensitive information. Although a number of attack types continue to wage war on corporate emails, two groups of attacks are now causing the biggest concern: business email compromise and phishing.
Business email compromise
A business email compromise attack is a type of phishing attack in which a cybercriminal impersonates a high-level executive and uses social engineering techniques to trick an email recipient into transferring funds into a fraudulent account.
Frequent victims include company accountants and other parties involved with real estate transactions. These attacks are often highly sophisticated and thoroughly planned: the fraudulent emails that request a wire transfer are well-worded and mimic a legitimate email request. That is why it is not easy for a target to identify the scam.
There are specific types of business email compromises, two of which are:
- False invoice scheme: designed to cause the business to execute a fraudulent payment to the employee, whilst recording the payment as a legit business expense. Simply put, false invoices are invoices for goods and services not rendered. Incomplete information on invoices, sequential invoice numbers over an extended time period, or invoiced items that do not match the receiving report should be regarded as red flags.
- CEO fraud: occurs when an employee authorized to make payments is fooled into making an unauthorized transfer out of the business account. The employee is also asked not to follow the regular authorization procedures, which should raise suspicion. Unsolicited emails or phone calls, pressure or a sense of urgency, or an unconventional request that contradicts internal procedures must be seen as signs of CEO fraud.
Email spoofing refers to a sender address that is forged to make it look as if the message came from someone else. In a spoofing attack, the criminal creates a deceptive context with the purpose of tricking the victim into making a wrong security-relevant decision. Unfortunately, this decision can lead to unwanted outcomes, including a breach of privacy. There are several known spoofing types, such as IP spoofing, URL spoofing, and email spoofing.
There are numerous ways to protect yourself against email spoofing. For example, thoroughly checking the content of the received email, paying attention to the sender of the received email, and checking the header of the email are some of these ways.
Furthermore, spoof emails may contain attachments that are designed to install malware like viruses when opened. It is highly likely that in most cases, the malware will go beyond infecting your computer and spread to your entire network.
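The sender and header checks mentioned above can be automated. The following Python sketch is an added example, not part of the original article; the sample message, its addresses and the function names are constructed for illustration. It compares the From domain with Reply-To and Return-Path and reads the SPF, DKIM and DMARC verdicts recorded by the receiving server.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name imitates an executive, while replies
# and bounces go to other domains and sender authentication did not pass.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Jane Doe, CEO" <jane.doe@example.com>
Reply-To: "Jane Doe" <jane.doe.ceo@freemail.example.org>
To: accounts@example.com
Subject: Urgent wire transfer

Please process today and keep this confidential.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def header_red_flags(raw_message):
    """Return findings that suggest a forged sender (signals, not proof)."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain(msg["From"])
    # A reply or bounce address on another domain is a common spoofing sign;
    # legitimate bulk senders can also differ, so review rather than block.
    for name in ("Reply-To", "Return-Path"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own receiving server.
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    tokens = results.replace(";", " ").split()
    for method in ("spf", "dkim", "dmarc"):
        for token in tokens:
            if token.startswith(method + "=") and token != method + "=pass":
                findings.append(f"{method.upper()} result is {token.split('=', 1)[1]}")
    return findings

if __name__ == "__main__":
    for finding in header_red_flags(SAMPLE):
        print("-", finding)
```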
Email security tips for employees
Comprehensive email attacks do not usually contain malicious links and attachments. This makes them highly difficult to discern with traditional email security. We believe that cyber security awareness is necessary for every employee at every level of any organization. We are sharing several email security tips with the aim of helping you keep threats to an absolute minimum.
- Use strong passwords, which we covered in our blog post – 5 password security best practices in 2020
- Do not open attachments from strangers
- Do not click on attachments with odd filename extensions
- Never give out your email address to unknown websites
- Do not post your email address to public websites and forums, because spammers often scan these sites for email addresses
- Never open spam email; delete it without opening it, because responding to spam email can worsen the problem
- Enable a spam filter to minimize the number of spam emails
- Do not respond to suspicious banking-related, winning lottery, and fund transfer emails to avoid becoming a victim of financial fraud
Don’t be an easy target
Email security risks continue to evolve. Thus, organizations need to make their employees aware of the known and emerging threats in order to successfully defend themselves. Protecting the organization and its valuable assets from the threats posed by email requires constant vigilance. This includes awareness of new threats, a deep understanding of the organization’s sensitive data, and how to protect it. All in all, we believe that many of the attacks can be easily prevented, by simply applying the methods shared in this article.