Hackers commonly infiltrate organisations by using a range of email-based cyberattacks. We reveal four common email threats to look out for, and how to protect your business from falling prey to them.

Threat #1: Malware infiltration

More than 70% of respondents in a 2017 Osterman Research survey report were “concerned” or “extremely concerned” about malware infiltration through email. Their fears are not unfounded, given the infamous malware attacks that have made headlines around the world in recent years. The 2018 Winter Olympics in Pyeongchang, for example, were hit by the notorious ‘Olympic Destroyer’ malware attack that disrupted Wi-Fi systems at the Games, and led to ticketing turmoil and a shutdown of the event’s official website.

Malware is essentially a catch-all term for a range of malicious programmes. This includes viruses that overwrite your business data, keylogger software that monitors your keystrokes in order to steal passwords and other sensitive information, and backdoor trojans that enable hackers to access your computer.

These programmes are often spread via email attachments and you’ll need software that can filter out these malicious programmes from your email network. The good news is that there is a software to help organisations identify and prevent such attacks. Microsoft Office 365 Advanced Threat Protection (ATP) uses Zero-day Email Protection to secure your mailboxes against unsafe attachments that might contain malware.

Threat #2: Ransomware

According to the Osterman report, 35% of organisations in Singapore have experienced a ransomware attack in the preceding 12 months. Of those, 21% had to cease business operations immediately, while 11% reported lost revenues as a result of the cyberattack.

Hackers typically use ransomware to encrypt a user’s files and hold their business data hostage until a ransom is paid. As with other types of viruses and malicious software in the hacker’s arsenal, ransomware spreads when a user clicks on an infected email attachment. That is why protecting your company’s email network against cyberattacks is so important.

Fortunately, as seen above, ATP’s ability to quarantine unsafe attachments proves useful against ransomware as well.

Threat #3: Email spoofing

Imagine getting an email from a trusted friend, asking for a certain amount of money because they are in a tricky spot. You transfer the sum to the bank account they have provided without giving it a second thought, only to realise later that their email ID has been spoofed.

Spoofing is a type of phishing attack that seeks to gain access to a user’s log-in details and passwords via their email account. In a spoof attack, the hacker falsifies the email sender’s information to make it appear as if the email came from a trusted source. They then trick the user into providing their personal or banking information or clicking on a malicious attachment that downloads ransomware or infects their computer with viruses.

With spoofing intelligence, ATP analyses and blocks emails from senders who can’t be verified using standard email authentication methods.

Threat #4: Malicious links

Hackers also use malicious links contained within emails to send users to fake websites that are designed to capture their personal and financial information.

In 2016, at least five Singapore government agencies issued advisories regarding a growing number of fake government websites that have appeared in recent years.

Anti-hacker protection software can be useful here too. ATP, for instance, scans web content and examines URLs in real time whenever a user clicks on a link. Unsafe websites can then immediately be blocked or users will be warned against visiting the site.

Email-based cyberattacks are a daily challenge for businesses in today’s digital environment. But with the right protection software in place, companies can drastically reduce their exposure to cyberthreats.

Singtel is conducting a series of workshops to help companies understand the gaps between their current IT security and global standards. For more information on implementing the technical solutions required to keep your business safe from email-based cyberthreats, click here.