When is a phishing email not a phishing email? The taxonomy of malicious emails

Markus Jakobsson, chief scientist at Agari

Malicious email attacks have dominated the security headlines in recent months, with 2017 already seeing large campaigns targeting Netflix and Amazon customers.Despite the number of incidents however, many individuals and businesses alike don’t actually know what kind of attacks they are being hit by, let alone understand how many different types of attacks exist.

The effect of an email attack can be devastating, leading to financial losses, reputational damage or worse. For a business to defend itself against attacks, it is essential they are able to identify the type of attacks they are most vulnerable to or concerned with so they can put the appropriate security measures in place, says Markus Jakobsson, chief scientist at Agari.

Identifying and protecting

The differences between the content and the methods used to deliver these email attacks can often be very subtle. For example, a consumer phishing attack is typically sent by an imposter who spoofs an email or uses a deceptive display name to create a false identity.

In these types of attacks, the cyber criminals typically use an unfocused ‘scattershot’ approach, sending out the malicious email to a wide audience. The success rate of this type of approach is low, as the content is unlikely to be persuasive enough to trick many into clicking on a link.

With most phishing attacks, the criminal impersonates a trusted organisation’s brand and sends malicious emails to their customers. Because the email appears to be from a known and trusted sender, a number of customers will open it and then be asked to either open a malicious document or click on a link.

Business email compromise (BEC) attacks, on the other hand, can come from either an imposter or from a legitimate but compromised account. These types of attacks typically use social engineering methods to create ‘believable’ content for a fraudulent email, which makes them much more likely to be successful. They are also extremely targeted, being sent to a few, very specific people such as financial controllers or HR managers of a company.

Ransomware is a third type of attack. While ransomware emails are typically sent from an imposter, they can also come from a compromised account. Like BEC attacks, they are often targeted and use advanced social engineering techniques to create ‘believable’ content that convinces their victims to open a malware-infected document or click on a malicious link.

As soon as the victim opens the malicious file, his or her computer (and potentially other computers on the same network) gets infected, and the hard drives are encrypted. The attacker will then offer to sell the decryption key to the victim.

Thanks to the huge volume of emails arriving every day, it can be difficult to differentiate between truly malicious emails, legitimate email and “grey mail”. The latter are the annoying emails which fill up our inboxes or spam folders but are usually harmless, such as newsletters and advertisements.

Prevention is better than cure

There is no one solution which can prevent all malicious email attacks. To defend against all email attacks, organisations need to implement a multi-layered security solution. Using email authentication technology which can identify and confirm the identity of the sender is much more effective than using a programme which focuses purely on blocking emails with known malicious attachments, as criminals can use crypters to “recompile” malware and make it evade detection.

Email authentication software will, over time, begin to recognise increasing numbers of email addresses and domains and remember previous actions taken for each one. This type of solution will go a long way to protecting an organisation and its employees against malicious email attacks.

Each attack requires its own solution – there is no ‘one size fits all’ approach to preventing cyberattacks. By understanding the techniques, targets and motivations behind each kind of malicious email, businesses can be better prepared to understanding the solutions that will prevent them.

The author of this blog is Markus Jakobsson, chief scientist at Agari

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

A good connection is not just for Christmas

Posted on: November 25, 2021

Peak season trading this year is set to be more difficult than ever for retailers. Unprecedented supply chain disruption is threatening to decimate stock levels. Post-COVID customer behaviour is unpredictable with some customers relying ever more heavily on ecommerce; others heading to the high street to get ahead on Christmas buying in response to fears

Read more

stc announces partnership with Sensoneo to drive smart waste management

Posted on: November 25, 2021

Riyadh, Saudi Arabia. 24 November 2021 – stc, the ICT specialist driving digital transformation in the Middle East and North Africa, has announced a partnership with Sensoneo to provide customers in Saudi Arabia with the most reliable and easy-to-deploy smart waste management technology. Sensoneo is a provider of enterprise-grade smart waste management solutions.

Read more