Fortra. Common Email Threats and How to Combat Them

A whopping 99% of email users check their email every day. Remote workers get about six times more emails than even their hybrid counterparts, and 37% of brands are increasing their email budget. As long as these numbers hold true, email-targeted attacks will continue to be a popular favorite of threat actors around the globe.

The question is: What are we going to do about it?

Common Email Threats & Current Data 

Email Protection Isn’t Working  

We have a unique vantage point into the email security landscape, and we are unhappy to report: It’s not pretty. Fortra’s PhishLabs Suspicious Email Analysis solution reported that nearly a quarter of all emails in Q1 were malicious — the highest percentage since we started keeping track. What’s even more alarming? Those classified as email impersonation, or those lacking known signatures, accounted for a staggering 99%.

The email security industry has become great at securing against signature-based threats, and bad actors can’t get around us. That’s why they’re flying under the radar and resorting to sneakier techniques that play upon users’ emotions, brain shortcuts, and human nature. Crafty, signature-less phishing attacks are flooding the field and organizations need evolved email security solutions that can keep up.

Email Threats to Watch Out For

For this reason, social engineering tactics like phishing and whaling are slipping into our inboxes undetected. Fake invoices also deserve a shout-out, and here’s kudos to vishing, the popular hybrid phishing tactic that also enjoys much success. Fortra’s 2023 Business Email Compromise Report highlighted that BEC, a type of CEO fraud, is also a contender in this category. Watch out for emails from a high-ranking individual, a well-known brand, or Office 365. Those are three favorites that BEC actors love to spoof — and that seem to get us every time. According to the FBI’s 2022 Internet Crime Report, BEC costs over 79 times what we collectively pay due to ransomware.

Not to worry though, ransomware is still stirring up its fair share of trouble. One Q3 report notes that ransomware figures are up 95% from last year. Companies dealing with information overload often miss small errors that come through and lose their security vigilance in a sea of so many emails. It’s then that ransomware, embedded in attachments or behind in-body links, spills through. CISA, the FBI, and NCSC all concur that phishing emails are some of the most common ways that ransomware gets into a system. But you didn’t need a government agency to tell you that

Fortra’s Email Security Services

Fortra has built a range of solutions around thwarting inbox attackers and addressing email threats. Consequently, we’ve been able to help clients sidestep malicious inbound email campaigns in the following ways:

  • Fortune 100 vs. Imposters 
    Using Fortra’s Agari advanced email security solution, this Fortune 100 company was able to overcome instances of executive spoofing and brand abuse. With a granular email gateway, they were able to significantly reduce the number of email threats, implement metric-driven defense, and save their SOCs hours of time.
  • Clearswift Secures Global Bank for 20 Years 
    Fortra has been the sole security provider of this international banking institution for the past two decades. Forta’s Clearswift email security and data loss prevention (DLP) solution has enabled GDPR compliance requirements through automated encryption tools, provided cohesive centralized management and easy deployment, and supported TLS and other encryption protocols.
  • Pharmaceuticals Shut Down Domain Spoofing 
    Fortra’s Agari DMARC Protection was chosen from a list of competitors to help this pharmaceutical company close a pressing security gap on a pressing deadline. Given six months, we were able to achieve p=reject in just five months and two days.

Best Practices

Avoiding Top Email Security Mistakes

When it comes to preventing inbox breaches, we sometimes get in our own way. Here are some of the top email security mistakes we make, and how to resolve them.

  1. CC’ing Everybody 
    We’ve all done it. And we can all send out a memo to “be more careful”, but that only goes so far. Luckily, Fortra’s Agari email gateway uses pre-defined tokens to nudge the sender when an outgoing email bearing sensitive information looks to be going to the wrong address (or addresses).
  1. Sensitive Screenshots 
    Sometimes pictures and screenshots can hold proprietary and otherwise sensitive data. Fortra’s Clearswift enhances OCR analysis to enable the redaction of text within images, going a step beyond other email security solutions.
  1. Hidden Pictures 
    Sometimes, the danger can pass right under our noses. Steganography encodes information in an image or object to avoid detection. Now, Clearswift email gateway can scan and sanitize outgoing images — whether on its own, as an attachment, or inside a document — clearing any extra data and producing a fresh version on the other side.

Implementing Best Practices

In addition to leveraging advanced technologies, there are some email security best practices we can adopt to strengthen our stance. They encompass:

  • Determining what data needs to be protected
  • Understanding the dangers that need prevention
  • Establishing a robust and sustainable email security policy

And are reviewed in-depth here.

On a more specific note, sometimes advanced tech is just what we need to fight against advanced threats. Fortra provides tools for the task:

  • Use our secure email gateway to inspect and detect critical data — either alone or with other deployments like Office 365.
  • Leverage our DMARC automation solution to protect against advanced, socially engineered email attacks.
  • Employ an anti-phishing solution to mitigate threats that have already reached user inboxes.
  • Use a security awareness solution to build campaigns with the highest quality training content and most up-to-date phishing simulations.

Take the Next Step against Email Threats

Once you’ve established what data needs to be secured and put your policies and practices in place, it’s time for the next steps. These center around ensuring your program has the capital to run at full capacity for the next few years, and that all depends on gaining stakeholder support for email security investment.

A robust email security solution is made up of a lot of moving parts. All the while, attackers are getting smarter, and users are getting burnt out — a bad combination. With smart strategic decisions and the right technologies, however, organizations stand a fighting chance of creating a robust email security approach that can scale to emerging threats.

Source: Fortra