Email vulnerabilities as a corporate communication channel

Email vulnerabilities as a corporate communication channel

Email is one of the most used means of communication in recent times over the Internet. But, it is true that although the security of this medium has been improved, the email it still has vulnerabilities that allow cybercriminals to steal personal information from users.

The weaknesses of the mail, at the security level, makes malicious emails pass the security barriers without any problem. One such problem is sending malicious attachments. Although the email can detect if the attachment is malicious, cybercriminals improve their techniques to be able to send this type of content and make it appear trustworthy.

More and more users are more attentive to this type of threat and block when they see something unusual, but the Cybercriminals continually change their techniques in order to infiltrate threats and not be blocked from email.

It is important to highlight that we can receive a type of attack called Phishing through links that are shared via email. These links lead to fake addresses that pretend to be legal and official, in this way they manage to steal login data or any type of confidential information.

“Cybercrime is currently a $445 billion business”

Source: Harvard Business Review

When should the first alarms go off?

• We doubt the sender
• The email has a suspicious attachment or we are invited to click on a link
• The email conveys urgency
• There are misspellings

Find out if you are vulnerable to email attacks

Cybersecurity is today one of the growing sectors and one of the most necessary tools for business. Email attacks are one of the main headaches. 

In a globalized world, with a constant flow of data and interaction, it is easy for viruses, Trojans, ransomware and any type of malware to sneak in at some point if you are not prepared. 

'7 out of 10 attacks in the cybersecurity sector come through email'

Source: Check Point

What are cyber attacks?

A cyber attack is a set of offensive actions against systems and information. They may have different goals, such as attack computers and systems to cancel the services provided by your company, subtract information stored in databases or steal identity of your workers to commit fraud.

The The most common entry channel for cyber attacks is email

«3 out of 5 companies consider not basing the bulk of their communication on this channel»

SIC – No. August 2020

Protect your communications with Tranxfer. The B2B platform for the integral management of the sending and receiving of documentation with traceability and in a safe way

Types of cyber attacks

1. Ransomware or 'data hijacking'

It consists of a type of harmful program that restricts access to certain parts or files of your operating system and demands a ransom in exchange for removing said restriction. Its usual way of entry is usually by opening a corrupted attachment or clicking on a link in a fraudulent email. One of the large-scale examples are Garmin and Telefónica.

One of the most media cases of Ransomware was that of Garmin. The global drop in company services pointed to this and we finally had official confirmation of the cause: a Ransomware cyberattack brought down the Kansas company. The cause of the crisis lay in a directed attack with the WastedLocker ransomware as the protagonist and they would have requested $10 million "ransom" for releasing encryption. It seems that Garmin ended up paying.

Another attack with worldwide repercussions was that of Telephone. Wannacry, to a massive attack that affected according to theestimates to more than 300,000 machines in 150 countries. They demanded a ransom of 500,000 euros. What this ransomware did was encrypt all the data on the computer so that the user could not access it except with a key that could only be obtained after paying a ransom.

2. Phishing

is the deception technique that seeks to impersonate a trusted person, company or service, to manipulate it and make it carry out certain actions such as offering passwords and access data.

3. CEO Fraud

It is another form of deception in which cybercriminals pose as the CEO of your company In order to request fictitious transfers to the financial department, we will find an email with the same signature and a practically identical address.

The pharmaceutical group ZendaHe has been the victim of a scam worth 9 million euros. The financial head of the entity received several emails posing as the head of the company, requesting several high-value transfers to establish contacts with a multinational. A millionaire scam that has endangered the economy of the company. And all through three emails.

4. 'Man in the middle'

In this case, the fraudster is able to read, add and modify messages between two parties. For example, between one of your clients or one of your suppliers to intercept invoices and purchase orders associated with payments, in this case, the bank details will be modified so that the transfers go to unauthorized accounts and commit fraud.

The four most common attacks:

phishing:

It is a cyberattack technique that aims to attempt to steal confidential business informationto the. 

They pretend that they come from a known contact. They are masked with official company emblems and target vulnerable accounts and lower-level employees. 

The best protection against this type of attack is a channel that monitors company communication.

spoofing:

It is a strategy used during attacks of Spam and Phishing. in these attacks Fspoof the header from an email to make it look like it's coming from within the company.

Attempts are made to confuse employees so that they provide sensitive information or banking-type transactions. 

While diligence is the best method for dealing with phishing attacks, businesses should also look for software that improves email security.

malware:

Malware or malicious software is a virus that contains programmed coding to attack and damage data, technical equipment or entire systems. 

Some examples of malware are: Trojans, viruses, spyware, worms, adware and botnets among others.

• It is sent by email during attacks of phishing and spam.
• Sent multiple emails with a virus posing as a company
• After being open, malware infects the system and causes damage to it.

Teaching company employees is the first line of defense against malware. If someone receives an email from an unknown source and with a large attachment, it's best to delete it immediately.

Ransomware:

Ransomware or ransomware is a specific type of malware that attacks the entire computer system and blocks access to users until the ransom demanded is paid. It should be noted that the fact of making the payment does not guarantee the ransom, since many times not even the hijackers know how to decrypt or reverse the changes made. 

Email security threats like this typically occur during other large-scale attacks when multiple users within the company are targeted.  

How can we do to prevent these attacks from our workplace? 

• Don't click on links or unknown and suspicious attachments
• Never enter credentials nor give passwords To thirds
• Do not share valuable information by email
• Delete attachments of the input tray so they are not exposed
• And use secure and encrypted sending and receiving methods

Your ally against cyber attacks on your company.

Interesting facts: Did you know?

“Only the recovery of the corporate image costs around €200,000. But not only that, the 60% of the organizations disappear 6 months after having suffered a theft of sensitive information.”

Cyber Security News

“99% of email attacks depend on victims clicking.”

“The 60% of thefts occur electronically (phishing tool, elevation of privileges, WannaCry…).”

Cybersecurity News

“The 75% organizations have had significant impacts on their operations, and the 47% on their finances, due to email attacks. Spain has the highest percentage of security incidents in Europe as a result of opening a spam email in companies: 54%, compared to the European average of 41%. The 37% of the Spanish CISOs dealt last year with incidents derived from the theft of passwords through phishing.”

ABC Newspaper

Transfer as a solution

Protect the exchange of information in your organization in an easy way

• Send files and receive files with no weight limit, and safely.
• The tool offers traceability and continuous audit; monitoring, acknowledgment of reception, readings and/or downloads.
• Advanced security policies and an easy-to-use user and administrator interface, in version website or O365 plugin.
• We have APIs and Plugins to integrate with other systems
• We can integrate with SIEM, Active Directory and we offer different deployment modalities

Information leaks | GDPR breach | malware entry

The preferred tool for CISOs to secure their employee communications and bolster their chief security officer's plan for file sharing.

• Send and receive files securely
• Choose your shipping and display preferences
• Prevents entry and exit of malware
• Control information leakage
• end-to-end encryption

More than 1 million licensed users

More than 5 million recipients 

Contact us for more information: [email protected] or through our social networks:

LinkedIn Y Twitter