Email Attacks: The Top 5 Malicious Emails to Watch Out For

Email is a great tool; it’s an ideal way to keep track of communication with clients, internal conversations and projects. We’ve become reliant on email in our day-to-day working environments.

However, it’s also an open door into your business for anyone with less-than-honourable intentions. In fact, if you and your firm aren’t careful, it can quickly become a source of disaster; it takes just one phishing email for an intruder to gain access to your sensitive company data, and cause chaos.

In order to avoid such incidents, we’ll take you through the top 5 types of malicious emails to be aware of, and what you should look for.

Dodgy Email #1: Ransomware

Let’s start with one of the scariest. A ransomware email will tell you that its sender has infected one or more of your systems with malware. Should you not send them what they ask for (usually finances in some form, commonly cryptocurrency), they’ll lock down access to your files and system, causing you to lose precious data, time, and resources.

The chances of this happening (particularly if you have a competent IT team) are extremely low. The email sender is hoping you’ll react based on fear, and send them what they’ve asked for.

In reality, they don’t have malware installed on your system(s), they never did. There are rare reported cases of such events occurring but if you’re careful about the attachments and links you open, you’re probably safe. The best way to respond? Delete the email and move on with your day.

Even better, get IT to run a malware scan or two, and ensure your software (web browsers in particular) and security patches are updated to the most recent version.

Dodgy Email #2: Phishing

Arguably the most dangerous type of email, because they can appear so authentic, is the phishing email. Designed to extract sensitive data such as emails, passwords, and credit card details, phishing emails are often disguised under a name or brand you recognise; brands such as PayPal, AusPost and eBay are some of the most common examples.

They’re one of the hardest email attacks to identify, because they’re well-made, and are made to look as if they’ve been sent by the company they’re posing as. So how do you protect against phishing?

The first thing to remember is that companies like the ones mentioned above will never ask for personal information or account details via email – ever. In fact, as a general rule of life, you should be particularly cautious of anyone who asks for usernames, passwords, or credit card details, particularly if they ask for the full details.

An easy way to spot phishing emails is finding the real email address behind the email; phishing emails commonly look like they’ve been sent by the company email address, but if you search around (often it’s a small arrow to expand the contact details of the sender), you’ll find a long non-sensical email address – the real sender.

Dodgy Email #3: Spoofing

Spoofing is exactly what we described above; whereby an email sender will hide their real email address in an attempt to convince you the email is really from the company or person they’re pretending to be.

Be extremely suspicious of any company asking for sensitive data, and see if there’s a way to expand the sender’s details anywhere above the email contents; usually, you’ll find an arrow to expand the details, showing who the email has really been sent from.

Dodgy Email #4: Whaling

Whaling is a type of phishing, targeting upper management, executives, and employees with access to funds such as executive assistants. These emails often look very official, and differ from normal phishing in one major way; general phishing is often a large-scale way for the senders to collect sensitive data from large groups of people, with no particular targets in mind.

Whaling, however, focuses exclusively on individuals or companies – giving it its alternative name, ‘Spear Phishing’. The objective is to get a person in a place of influencer or power to divulge sensitive company information that the user can use to gain access to company systems and files. They usually use this to scare the victim into blackmail.

Often these emails will look official and very important; you’ll likely be taken to a page where you’ll enter your details, which will be collected by the email sender. Once collected, the website will redirect you to the real page, leaving you with no idea your details have just been stolen.

More recently, attackers have become more sophisticated, targeting individuals who have access to funds by pretending to be their manager asking for an urgent payment to be made or gift cards to be purchased.

The only way to protect from Whaling is to be extremely conscious of what you’re clicking, and where you’re entering your details; not expecting an important email? Be suspicious. Ask yourself why is this website/person asking for these details. If you’re not sure, close the page, and type the web address in yourself to make sure you’re accessing the legitimate website or double check with the person you received this from.

Dodgy Email #5: Baiting

Baiting emails typically tempt recipients with something of value; by now, you’ll have heard of the stereotypical ‘Nigerian Prince’ scam. This is what Baiting is; it lures recipients in with promises of a reward, only to take – usually in the form of money, sensitive data, or both.

The best way to avoid these emails is to ask yourself: “Does this sound too good to be true?” If it does, it’s likely a Bait email, and you should avoid responding or engaging with it immediately.