What Is Threatening Your E-Mail?

A hacker can spend hours, days or months trying to hack into a network, but with a simple e-mail they can gain the same access to an organization’s sensitive information or an individual’s bank account. This is why hackers love to target e-mails and e-mail infrastructures. As a result, e-mails have become THE favored carriers of viruses, worms, ransomware, and pretty much all forms of malware. E-mail security is more important than ever. 

 

Phishing

Phishing involves a hacker tricking you into clicking a bad link or downloading an infected attachment sent to you via e-mail. What the infected attachment will do is obvious. In the case of the bad link, the idea is for the hacker to take you to a website that masquerades as a legitimate website where you potentially have an account. At this point you might enter your credentials, which are then stolen by the hacker.

Phishing e-mails often have a call-to-action or an authoritative tone urging immediate action. The idea is to bait you before you have time to think about what’s going on. Let’s take a look at some examples –

  • An e-mail with a LinkedIn invite from someone who’s asking to connect with you. You click on the link and it takes you to a page that exactly looks like a LinkedIn page. And once you enter your credentials, the hackers have them.
  • An e-mail from Microsoft calling your attention to some unusual sign-in activity in your Microsoft account. The tale from then on is very similar – there’s a link, a malicious, masquerading, very-real-looking Microsoft site that asks you to sign in with your credentials.
  • An e-mail from FedEx, UPS or USPS claiming that you have missed out on a delivery and you can track your shipment using the shipment number link in the e-mail. Once you click on the link a keylogger could be implanted into your system that sends all your keystrokes remotely to a hacker without your knowledge.

Spear Phishing is like phishing, but tailored for specific individual or organization. The motive is to steal sensitive information such as account or financial information from a specific victim or organization. The e-mails in this case are more customized to the target and include personal details or pieces of information that the victim can relate to. Such information is hunted online through various avenues like social media, forums, chat rooms, and so on. The fact that these e-mail include such additional, targeted information make them more believable and so spear phishing e-mails have a higher success rate for hackers than typical point-and-click phishing e-mails.

Business E-mail Compromise: Business e-mail compromise or BEC is a type of spear phishing attack that’s also known as a “man-in-the-e-mail” attack. This is a trick applied on unsuspecting employees in the organization who are asked to perform wire transfers by the hacker who impersonates the CEO or another C-level executive in the organization – someone of authority, essentially. Hackers closely research and monitor their potential targets in organizations for such attacks and then send sophisticated e-mails to the victim masquerading as the executive requesting wire transfers. Believe it or not, a number of victims do fall for this attack.

 

Malware

Typically, most e-mail based attacks will have the end-goal of installing some form of malware on your laptop or device. Malware is a malicious software specifically designed with malicious intent. There are various kinds of malware – Trojans, rootkits, adware, spyware and so on. A majority of e-mail based malware infections involve the opening of an infected attachment. But then there are also those attacks where the link in the e-mail takes you to a website and initiates a malware download in the background.

Once malware gets into your computer, it tries to spread around to other connected machines and devices. Some kinds of malware even give the hacker complete access to your computer or device. While others will silently steal your communications via a man-in-the-middle attack. So what is a man-in-the-middle attack?

Man-in-the-Middle is Just like the name suggests, it involves an attacker sitting in the middle between the victim and wherever the victim is sending information to…and it steals the information in transit. Typically, attackers will send an e-mail to the victim with an attachment. The victim opens the attachment and malware gets released onto the victim’s system. The attacker can then read everything that is being communicated by the victim to someone else.

There’s one more kind of malware on the block that’s not very typical – it’s called fileless malware.

 Fileless Malware is a kind of malware does not need any file to attach to and complete an attack. So your typical e-mail attachment is not used in a fileless malware attack. Let’s take an example to see how this works. You receive an e-mail urging you to click on a link that looks normal to you. Once you click on the link you are redirected to a website that hosts what is known as an “exploit kit”. Think of the exploit kit as a tool that hackers use to send codes (or commands) to your system in order to communicate with it. Once this tool knows a vulnerability on your system (for example the flash plugin on your browser is outdated), then it runs the bad code into the memory of your browser’s process. Such attacks are difficult for anti-virus software to catch. So fileless malware can push a wide range of malware into your system without being spotted and remember there is no e-mail attachment based attack involved here.

 

Ransomware

Ransomware attacks your most critical data, encrypts it, and then flashes a message on your screen (courtesy of the hacker) that you need to pay a “ransom” (usually an amount between $200 and $400 or thereabouts) if you want your data back. And there’s a time limit (usually something pressing like 12 hours). And if you don’t pay up by then, you lose your data forever. Once you pay the ransom (usually in untraceable crypto-currencies like Bitcoin), you get a decryption key with which you can decrypt your data and get it back.

Ransomware is most commonly delivered via e-mail where the victim either clicks a link or opens an infected attachment that sets of the Ransomware download in the background. In the case of a clicked link, the victim is taken to a malicious website that downloads the Ransomware on to the victim’s computer. Other kinds of attack take more work and time to monetize but ransomware makes it easy for hackers, as victims tend to pay up quickly in the fear of losing out on their valuable data. And this doesn’t end there, Ransomware will often try to spread to other connected machines on the network as well.

WannaCry, is one example of Ransomware that affects Microsoft Windows systems. When a system is infected, a pop up window appears, prompting you to pay to recover all your files within three days, with a countdown timer on the left of the window. It adds that if you fail to pay within that time, the fee will be doubled, and if you don’t pay within seven days, you will lose the files forever. Payment is accepted only via Bitcoin.

 

Spam

So marketers who wanted a method to send unsolicited messages to advertise their products or services ended up spamming their potential customers and led to the invention of “Spam”. Spammers want you to look at their advertisements and click on stuff and this paved the way for hackers who are always on the lookout for new delivery methods. Hackers often use spam avenues and spam botnets to launch millions of malicious e-mail messages. The bad guys are always on the lookout for gullible users who will unwittingly help them invade organizational networks or infect new endpoints and keep the cash rolling to drive even more cybercrime.

Spam has become a key tool for hackers today. Hackers send out spam e-mails to hack into victims e-mail accounts. They then use these accounts to send further spam e-mails to the victims contact list. And the e-mail isn’t some generic template – it often uses subject lines and a bogus file names from previous e-mails that the victim had sent out or replied to. That increases their chances of success.

Never click a link, reply to a message, or download a file from an unknown sender that you are unsure about. Simply don’t respond, and delete the message.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Intelligence and Insights

pci dss in the cloud

How to Achieve PCI Compliance in the Cloud as Security Controls Evolve

The integration of cloud services with PCI DSS compliance is particularly crucial for enterprises that handle sensitive payment card information …
Digital Forensics Investigation

What Are the 5 Stages of a Digital Forensics Investigation?

In this article, we delve deeply into the five stages of a digital forensics investigation and provide tips on how to select the right digital forensics company …
Comprehensive Guide to Penetration Testing

A Comprehensive Guide to Penetration Testing – Types, Methods, Benefits and Best Practices

This penetration testing guide explains the different types of penetration testing, their benefits, and their purpose …