A cyberattack can affect your construction business in many ways, depending on its nature, scope, and severity.
IC3 received 467,361 complaints last year—more than 1,300 per day—with phishing responsible for 93% of email breaches. There can be a variety of indirect and intangible costs from attacks, too, such as legal fees, regulatory fines, operational disruptions, a damaged brand reputation, and other severe consequences.
In today’s rapidly evolving environment, traditional email security solutions aren’t enough to protect businesses anymore. You must also effectively defend against sophisticated email threats that are often able to bypass defences by using backdoor techniques, including spoofing, social engineering, and fraud, to penetrate networks and wreak havoc.
While comprehensive email gateway defences provide a solid foundation, using a multilayered protection strategy radically reduces susceptibility to email attacks and helps better defend your business, data, and people.
What are the threats that my email account faces?
The email and phishing threats faced by organizations today vary greatly in complexity, volume, and the impact they have on businesses and their employees. There are a number of distinct categories of email threats:
- Spam: These are unsolicited, high-volume messages generally of a commercial nature, which are sent without regard to the recipient’s identity.
- Malware: This is software specifically designed to cause damage to technical assets, disrupt operations, exfiltrate data, or otherwise gain access to a remote system. Malware is usually distributed through email attachments or URLs leading to malicious content.
- Data Exfiltration: These types of attacks occur when data is copied or retrieved from a remote system without the owner’s consent. It can occur maliciously or accidentally.
- Phishing: These emails attempt to trick an end-user into believing the message is from a trusted person or organization to get them to take an action like disclosing credentials, wiring money, or logging into a legitimate account on an attacker’s behalf.
- Impersonation: This category includes any attack where the malicious actor pretends to be a person, organization, or service. It’s a broad superset of attacks that usually go hand in hand with phishing.
A total of 13 email threat types fall into these categories. Some of these attacks are used in conjunction with others; hackers often combine various techniques. For example, many spam messages include phishing URLs, and it’s not uncommon to see a compromised account be used in internal or lateral wire fraud. Understanding the nature and characteristics of these attacks helps build the best protection for your business, data, and people.
Here’s a look at the top 13 email threat types and how to strengthen your email security posture against them. As email attacks get more complex, they become harder to defend against.
Spam is unsolicited bulk email messages, also known as junk email. Spammers typically send an email to millions of addresses, with the expectation that only a small number will respond to the message. Spammers gather email addresses from a variety of sources, including using software to harvest them from address books. The collected email addresses are often also sold to other spammers.
Spam comes in various forms. Some spam emails push scams. Others are used to conduct email fraud. Spam also comes in the form of phishing emails that use brand impersonation to trick users into revealing personal information, such as login credentials and credit card details.
Cybercriminals use email to deliver documents containing malicious software, also known as malware. Typically, either the malware is hidden directly in the document itself, or an embedded script downloads it from an external website. Common types of malware include viruses, Trojans, spyware, worms, and ransomware.
Common types of malware attacks
Volumetric malware: This type of malware is designed to be spread en masse and take advantage of older, unpatched systems using common vulnerabilities. It exploits known vulnerabilities and can generally be caught by signatures and simple heuristics.
Volumetric malware is also known as commodity malware and viruses.
Zero-day malware: Advanced malware attacks use zero-day threats, which are ones that haven’t been seen before and don’t match any known malware signatures. They may exploit a previously unknown software vulnerability or use a new malware variant delivered by standard means. These zero-day attacks are impossible to detect with traditional signature-based solutions.
Zero-day malware is also known as 0Day.
URL attacks: URLs that point to malicious websites or payloads are generally intended to trick users into clicking to download malware.
Data exfiltration is the unauthorized transfer of data from a computer or other device. It can be conducted manually via physical access to a computer and as an automated process using malicious programming on the internet or a network. Attacks are typically targeted, with the objective of gaining access to a network or machine to locate and copy specific data. In addition to malicious attacks, data is frequently lost accidentally due to human error.
In phishing attacks, cybercriminals try to obtain sensitive information for malicious use, such as usernames, passwords, or banking details. With URL phishing, cybercriminals use email to direct their victims to enter sensitive information on a fake website that looks like a legitimate website.
With email scamming, cybercriminals use fraudulent schemes to defraud victims or steal their identity by tricking them into disclosing personal information. Examples of scamming include fake job postings, investment opportunities, inheritance notifications, lottery prizes, and fund transfers.
Spear phishing is a highly personalized form of email phishing attack. Cybercriminals research their targets and craft carefully designed messages, often impersonating a trusted colleague, website, or business. Spear-phishing emails typically try to steal sensitive information, such as login credentials or financial details, which is then used to commit fraud, identity theft, and other crimes. Cybercriminals also take advantage of social-engineering tactics in their spear-phishing attacks, including urgency, brevity, and pressure, to increase the likelihood of success.
Domain impersonation is often used by hackers as part of a conversation-hijacking attack. Attackers attempt to impersonate a domain by using techniques such as typosquatting, replacing one or more letters in a legitimate email domain with a similar letter, or adding a hard-to-notice letter to the legitimate email domain. In preparation for the attack, cybercriminals register or buy the impersonating domain.
Examples of this may be:
Gooogle.com (extra o)
Goógle.com (accent on o)
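A defensive check for the lookalike domains described above, as an added example that is not part of the original article: it compares a sender's domain against the domains you really do business with and flags accent swaps and one-letter typos. The `PROTECTED` list and the function names are assumptions chosen for illustration.

```python
import unicodedata

# Assumption: domains your business and its partners genuinely use.
PROTECTED = {"google.com"}

def skeleton(domain: str) -> str:
    """Reduce a domain to a comparable form: punycode decoded, accents removed."""
    d = domain.strip().lower().rstrip(".")
    try:
        d = d.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # already Unicode or malformed: compare as given
    d = unicodedata.normalize("NFKD", d)      # "ó" -> "o" + combining accent
    return "".join(c for c in d if not unicodedata.combining(c))

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserted, deleted or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain: str, protected=PROTECTED, max_edits: int = 1):
    """Return (verdict, matched protected domain or None)."""
    raw = sender_domain.strip().lower().rstrip(".")
    if raw in protected:
        return ("exact", raw)
    skel = skeleton(raw)
    for good in sorted(protected):
        if skel == good:
            return ("lookalike-accent", good)
        if edit_distance(skel, good) <= max_edits:
            return ("lookalike-typo", good)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample: the two lookalikes from the article plus controls.
    for d in ["google.com", "Gooogle.com", "Goógle.com", "example.org"]:
        print(d, "->", classify(d))
```

Accent stripping does not catch letters borrowed from other alphabets (for example Cyrillic), which need a confusable-character table such as the one in Unicode UTS #39.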
Brand impersonation is designed to impersonate a company or a brand to trick their victims into responding and disclosing personal or otherwise sensitive information.
Common types of brand impersonation include:
Service impersonation is a type of phishing attack designed to impersonate a well-known company or commonly used business application. It is a popular type of phishing attack because the emails are well designed as an entry point to harvest credentials and carry out an account takeover. Service impersonation attacks are also used to steal personally identifiable information, such as credit card numbers.
Brand hijacking is a common form of phishing. It occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees. This is usually done by sending emails with false, or spoofed, domain names that appear to be legitimate. Brand hijacking is also known as brand spoofing and domain spoofing.
Blackmail scams, including sextortion, are increasing in frequency, becoming more sophisticated, and bypassing email gateways.
In sextortion attacks, cybercriminals leverage usernames and passwords stolen in data breaches, using the information to contact and try to trick victims into giving them money. The scammers claim to have a compromising video, allegedly recorded on the victim’s computer, and threaten to share it with all their contacts unless they pay up.
Business Email Compromise
In BEC attacks, scammers impersonate an employee in the organization in order to defraud the company, its employees, customers, or partners. In most cases, attackers focus their efforts on employees with access to the company’s finances or personal information, tricking individuals into performing wire transfers or disclosing sensitive information. These attacks use social-engineering tactics and compromised accounts, and they often include no attachments or links.
With conversation hijacking, cybercriminals insert themselves into existing business conversations or initiate new conversations based on information they’ve gathered from compromised email accounts to steal money or personal information.
Conversation hijacking can be part of an account-takeover attack. Attackers spend time reading through emails and monitoring the compromised account to understand business operations and learn about deals in progress, payment procedures, and other details. Cybercriminals rarely use the compromised accounts to send a conversation hijacking attack, though. Instead, attackers use email-domain impersonation.
With lateral phishing, attackers use recently hijacked accounts to send phishing emails to unsuspecting recipients, such as close contacts in the company and partners at external organizations, to spread the attack more broadly. Because these attacks come from a legitimate email account and appear to be from a trusted colleague or partner, they tend to have a high success rate.
Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user’s account credentials. Cybercriminals use brand impersonation, social engineering, and phishing to steal login credentials and access email accounts. Once the account is compromised, hackers monitor and track activity to learn how the company does business, the email signatures they use, and the way financial transactions are handled. This helps them launch successful attacks, including harvesting additional login credentials for other accounts.
Hopefully, this clears up some of the situations you may have never even noticed before. Half of staying safe online is acknowledging the threats that are actually out there!
We hope you found this useful and you continue to stay safe out there!
For any questions you have, do not hesitate to contact us! 🕊