91% of Cyberattacks Start in the Inbox

According to Barracuda, email is the most common origination point for cyberattacks. How closely do you pay attention when opening, interacting with, and replying to emails?

You’re probably familiar with some of the more infamous email attacks—where a foreign prince has gifted you with riches beyond your wildest dreams or where you’ve won thousands of dollars in gift cards to your favorite restaurant chain. But what about the trickier cyberattacks?

If computers keep getting infected via email, there has to be a sneaky trick you don’t know about, right? Not exactly. You don’t need to be a cybersecurity expert to recognize the tell-tale signs of email cyberattacks. If you know where to look, know how to identify malicious emails, and have a few cybersecurity tools in your toolbox, you can help prevent spammy and dangerous emails from infecting your business.

email security threat protection

What Is an Email Cyberattack?

Generally, email cyberattacks fall into two main categories: virus or phishing.

The attack is usually user-initiated with a computer virus, meaning the virus doesn’t automatically infect your computer when it comes in. In most cases, you need to click on something in the email to allow the virus to enter your machine. For example, clicking a link or downloading and installing an attachment.

Phishing attacks trick you into handing over sensitive information or data. Hackers use social engineering techniques, like disguising the email address to be from someone you trust to convince you into handing over valuable information like credit card numbers, personal data, and passwords.

What Parts of the Email Should You Investigate?

1. “From” Email Address

Do you recognize whom the email came from? If you can’t identify the sender, check if the email is from an internal or external source. Look carefully—malicious messages may come from an email address that looks legitimate but has a slightly different spelling or domain name.

2. “To” Email Address(es)

If the email reached your inbox, why do you need to look at the To line? If it’s a standard message, it’ll be sent directly to you, or you’ll most likely recognize other recipients. Be wary of emails that include many unfamiliar addresses in the To or Cc lines in the email header. This sign could indicate a malicious email, where the sender is trying to infect multiple computers with a virus or collect a lot of information at one time via phishing.

3. Subject Line

Before you even open an email, the subject line can be a good indicator of its legitimacy. You’re probably familiar with the types of emails you receive regularly. Does this one seem overly urgent or ask you for money? Does it feel threatening? Is it an emergency? If the subject line feels off, proceed with caution. When in doubt, if the sender seems legitimate and familiar, contact them through another avenue, like phone or text. Odds are, if someone needed to reach you in an emergency, they would probably use a more urgent method than email.

4. Email Body Text

The email body text is one of the biggest traps with email cyberattacks — both virus and phishing attacks can be present in the body of the email. First, look at the content. Does it make sense? How’s the spelling and grammar? If anything looks off, trust your gut, and report the email. Avoid clicking on hyperlinks, buttons, and pictures unless you absolutely trust the source.

With phishing attacks, be wary of any email that asks you for sensitive information, user names, passwords, personal data, and financial information. Most senders won’t ask you for detailed personal information via email; it’s just not safe. When in doubt, verify the email with a more direct form of communication, like a phone call.

5. Attachments

Pay attention to the types of attachments that get sent to your inbox. Even if the sender looks legitimate, they may have accidentally passed a virus on to you. Be especially wary of executable files (.exe), compressed files (.zip), files with unknown extensions, and files with double/masked extensions (.docx.exe).

Email Security and DNS Filtering Tools

While user education and training is an essential piece of any email security solution or cybersecurity solution, there are also tools that can help keep you protected, including:

  • Email Encryption. Protect your emails from being intercepted by a malicious third party. Email encryption encodes your messages so that only the intended recipient can read the email.
  • Email Filtering and Spam Blocking. Prevent malicious emails from reaching your inbox with tools like spam protection, virus protection, DOS attack protection, email spooling, pre-filtering, and sandboxing.
  • Spear-Phishing Protection. Employ advanced machine learning and AI techniques to identify and stop spear-phishing emails before they reach your inbox.
  • Real-Time Email Threat Detection. Advanced Threat Protection (ATP) scans attachments in real-time to detect viruses and cyberthreats.
  • Email Backup. Having a secure email backup is essential in case of a disaster or cyberattack.

We Help Keep Your Business Safe.

Are you interested in learning more about email security services for your business? High Touch specializes in building cybersecurity solutions for businesses, including managed Email Filtering and ATP services. Let’s get in touch.