- Spear phishing
- Business email compromise (BEC)
Usually, phishing attempts are the first step in a bigger plan of attack. These emails typically bait recipients into visiting a fake webpage that prompts them to log in with their company’s credentials. Some examples of these emails include links to files allegedly hosted on Google Drive, a request for verification of a PayPal transaction, or an invitation to a Microsoft Teams session. In some cases, the email also directs recipients to purchase merchandise from a fake website.
2. Account takeover
As the name suggests, in this technique criminals compromise an account and impersonate its user in order to steal sensitive and valuable information and data, or to intercept private communications. As with phishing, an account takeover may also be just the first stage of attack in a larger scheme.
You might think that these only happen in movies. However, many have already fallen victim. A real-life example unravelled by Check Point earlier this year revealed the scheme of a sophisticated cybercrime gang dubbed the Florentine Banker Group. These criminals manipulated emails, registered lookalike domains, and carried out man-in-the-middle attacks to steal wire transfers amounting to US$1.3m from three British private equity firms.
Another threat vector common in email attacks is malicious files, attachments or malware. These emails can appear as innocent as an invoice file or a resume sent to Human Resources. However, the results can be devastating to organisations.