Vulnerabilities of e-mail as a corporate communication channel
Email is one of the most widely used means of communication over the Internet in recent times. However, it is true that although the security of this medium has been improved, email still has vulnerabilities that allow cybercriminals to steal personal information from users.
The weaknesses in email security allow malicious emails to pass through security barriers without any problems. One such problem is the sending of malicious attachments. Although email can detect whether the attachment is malicious, cybercriminals improve their techniques to be able to send this type of content and make it look trustworthy.
Increasingly users are becoming more aware of such threats and block when they see something unusual, but cybercriminals are continually changing their techniques so that they can infiltrate threats and not be blocked in the email.
It is important to note that we can receive a type of attack called Phishing through links that are shared via e-mail. These links lead to fake addresses that pretend to be legal and official, so that they can steal login details or any kind of confidential information.
“Cybercrime is currently a $445 billion business.”
Source: Harvard Business Review
When should the first alarm bells ring?
- We doubt the sender
- The email has a suspicious attachment or we are invited to click on a link.
- The email conveys urgency
- There are spelling mistakes
Find out if you are vulnerable to email attacks
Cybersecurity is one of today’s growing sectors and one of the most necessary tools for businesses. Email attacks are one of the biggest headaches.
In a globalised world, with constant data flow and interaction, it is easy for viruses, Trojans, ransomware and any type of malware to slip through at some point if you are not prepared.
‘’7 out of 10 attacks in the cybersecurity sector come via email’’
Source: Check Point
What are cyber-attacks?
A cyber-attack is a set of offensive actions against systems and information. They can have different objectives, such as attacking equipment and systems to disable the services provided by your company, to steal information stored in databases or to steal the identity of your employees to commit fraud.
The most common entry channel for cyber-attacks is email.
“3 out of 5 companies are considering not basing the bulk of their communication on this channel”
SIC – Nª August 2020
Protect your communications with Tranxfer. The B2B platform for the comprehensive management of sending and receiving documents with traceability and in a secure manner.
Types of cyber-attacks
1. Ransomware or ‘data hijacking’.
This is a type of malware that restricts access to certain parts or files of your operating system and demands a ransom in exchange for removing the restriction. Its usual route of entry is usually by opening a corrupted attachment or clicking on a link in a fraudulent email. Large-scale examples include Garmin and Telefónica.
One of the most publicised cases of Ransomware was that of Garmin. The global downtime of the company’s services pointed to it and finally we had official confirmation of the cause: a Ransomware cyberattack brought down the Kansas-based company. The cause of the crisis was a targeted attack with the WastedLocker ransomware as the protagonist, and a 10 million dollar “ransom” was reportedly demanded for unlocking the encryption. It seems that Garmin ended up paying.
Another attack with global repercussions was that of Telefónica. Wannacry, a massive attack that affected, according to estimates, more than 300,000 machines in 150 countries. A ransom of 500,000 euros was demanded. What this ransomware did was to encrypt all the data on the computer so that the user could not access them except with a key that could only be obtained after payment of a ransom.
This is a deception technique that seeks to impersonate a trusted person, company or service in order to manipulate it and make it perform certain actions, such as offering passwords and access data.
3. The CEO scam
This is another form of scam in which cybercriminals impersonate the CEO of your company in order to request fictitious transfers to the financial department, you will find an email with the same signature and a virtually identical address.
The Zendal pharmaceutical group has been the victim of a scam worth 9 million euros. The company’s chief financial officer received several e-mails pretending to be the head of the company, requesting several high-value transfers to establish contacts with a multinational. A million-dollar scam that has endangered the company’s finances. And all by means of three e-mails.
4. ‘Man in the middle’.
In this case, the fraudster is able to read, add and modify messages between two parties. For example, between one of your customers or one of your suppliers to intercept invoices and purchase orders associated with payments, in this case, the bank details will be modified so that the transfers go to unauthorised accounts and the fraud is committed.
The four most common attacks:
This is a cyber-attack technique aimed at tThis is a cyber-attack technique aimed at trying to steal confidential business information. .
They pretend to come from a known contact. They masquerade as official company emblems and target vulnerable accounts and lower-level employees.
The best protection against this type of attack is a channel that monitors company communication.
This is a strategy used during spam and phishing attacks. In these attacks, the header of an email is spoofed to make it look like it comes from within the company.
They try to mislead employees into providing sensitive information or banking transactions.
While diligence is the best method of dealing with phishing attacks, companies should also look for software that enhances email security.
Malware, or malicious software, is a virus that contains coding programmed to attack and damage data, technical equipment or entire systems.
Examples of malware are: Trojans, viruses, spyware, worms, adware and botnets among others.
- It is sent by email during phishing and spam attacks.
- Multiple emails are sent with a virus posing as a company.
- After being opened, the malware infects the system and causes damage.
Educating company employees is the first line of defence against malware. If someone receives an email from an unknown source and with a large attachment, it is best to delete it immediately.
Ransomware is a specific type of malware that attacks the entire computer system and blocks access to users until the ransom demand is paid. It should be noted that making the payment does not secure the ransom, as even the hijackers often do not know how to decrypt or revert the changes made.
Email security threats like this often occur during other large-scale attacks when multiple users within the company are targeted.
How can we prevent these attacks from happening in the workplace?
- Do not click on unknown and suspicious links or attachments
- Never enter credentials or give passwords to third parties
- Do not share valuable information via email
- Delete attachments from the inbox so that they are not exposed
- And use secure, encrypted sending and receiving methods.
Your ally against cyber-attacks on your company.
Interesting facts: Did you know?
“The recovery of the corporate image alone costs around €200,000. But not only that, 60% of organisations disappear 6 months after having suffered a theft of sensitive information.”
“99% of email attacks rely on victims clicking through..”
“60% of thefts occur electronically (phishing tool, elevation of privilege, WannaCry…).”
“75% of organisations have had significant impacts on their operations, and 47% on their finances, due to email attacks. Spain has the highest percentage of security incidents in Europe as a result of opening an unwanted email in companies: 54%, compared to the European average of 41%. 37% of Spanish CISOs last year dealt with incidents resulting from password theft through phishing.”
Tranxfer as a solution
Protect your organisation’s information exchange with ease.
- Send files and receive files with no weight limit, and securely.
- The tool offers traceability and continuous auditing; monitoring, acknowledgement of receipt, readings and/or downloads.
- Advanced security policies and an easy-to-use user interface and administrator, in web version or O365 plugin.
- We have API and Plugins to integrate with other systems.
- We can integrate with SIEM, Active Directory and offer different deployment modalities.
Information leakage | GDPR non-compliance| malware entry.
The preferred tool for CISOs to secure their employees’ communications and reinforce their security manager’s plan for file sharing.
- Send and receive files securely
- Choose your sending and viewing preferences
- Prevent malware ingress and egress
- Control data leakage
- End to end encryption
More than 1 million licensed users
More than 5 million receivers
Contact us for more information: [email protected]
Or via our social media channels: