← Back to all articles

Why Your Business Needs Advanced Email Protection


Email hackers have become very sophisticated. Their latest hack is to trick users into thinking an email is from a person or entity they know or trust. Find out how to keep your business emails safe from this and other types of attacks.

Man selecting email icon on a screen using his finger

All businesses rely heavily on email communication. This makes email attacks one of the most significant risks you face. Even a single hacked email account can lead to a major security breach. Cybercriminals commonly use this method to steal confidential business data e.g. bank account details, passwords, personal information etc. They can also send spam messages containing malicious or dangerous content to all contacts of the hacked account. This can quickly damage your business reputation. In the old days, preventing email hacks amounted to spotting ‘dodgy ones’ or ones with fake links. Unfortunately, email hackers are increasingly sophisticated in their attacks.

Email Spoofing

The latest type of email attack is known as Email Spoofing. Spoofing is extremely common and very high up on the list of the most financially damaging online scams. These types of email attacks don’t use traditional malware, instead, they rely on social engineering. They deceive or trick users into thinking an email is from a person or an entity they know or trust. This usually results in money or sensitive business information being stolen or destroyed. There are two main types of spoofing, Business Email Compromise (BEC) and Email Account Compromise (EAC).

Business Email Compromise (BEC)

This is also known as CEO fraud. It tricks victims into believing they received an email from a CEO or a high up executive in a company. These emails look and feel real, without any malicious attachment. They typically comprise

  • spoofed display name/domain
  • reply to spoofing
  • look alike domain
  • spoofed sender

Email Account Compromise (EAC)

This is closely related to BEC. Hackers use “brute force” attacks to crack passwords and obtain credentials. Their aim is to “become you” and take control of your account. This allows them to bypass email filters and authentication controls. A phishing email from this type of hacked account is particularly dangerous because it appears to be from a trusted source. 

The standard approach to protecting against email attacks is deploying systems that look for malicious links, attachments etc. and blocking them. However, these standard methodologies are no longer sufficient to detect the latest generation of email threats.  A more advanced defence strategy is required.

Advanced E-mail Protection Systems

The latest advanced e-mail protection systems protect against email spoofing (BEC and EAC), spam and other malicious threats. They deploy a host of additional security techniques including:

 

  • Auto Email encryption - converting from readable plain text to scrambled cipher text.
  • Emergency inbox - allows users to send/receive e-mail in the event of a system outage.
  • Machine learning (ML) - using Artificial intelligence to analyse, assess and adapt rapidly to threats.
  • Sandbox attachment – fully isolated virtual environment, predominantly used in research, cybersecurity and development arenas
  • URL defence – detect, catch and analyse malicious URLs in real time with dynamic risk assessment
  • Multilayered content analysis – addressing the multiple aspects of BEC (display name spoofing, lookalike domains, domain spoofing etc.) and EAC (credential use across accounts, suspicious activity on accounts etc.)
  • Email spam reports – closed loop Email analysis and response

 

With IT security an ongoing and relentless battle, it is important you keep on top of the latest security scams threatening your business. You can do this by ensuring your IT support company is deploying an advanced email protection system which can protect your business emails from spoofing and other types of malicious threat.

 

Author Info

DATA Computer Services is an experienced IT support company in Edinburgh providing a wide range of IT services for businesses.





Author: Data Computer Services

person using megaphone