With so much of the global workforce still working from home, reliance on email communication has reached an all-time high. This new digital landscape brings increased security risk for small and large businesses alike.
What is spam?
While there are many ways digital scammers try to steal your information, spam email remains one of the most persistent and successful delivery vehicles for phishing that we see with businesses in 2021. As so much of our daily life and work migrates online, cloud-based email services have become a favorite target of cybercriminals. Spammers are becoming more sophisticated in their tactics to get your personal information or trick you into downloading malicious software using fake attachments and links. Nowadays, the consequences of a spam attack can be devastating for a small business. We’ve compiled some of the top email spam threats for businesses to help protect yourself, your employees, and your business in 2021.
(VIDEO: learn more about how to spot spam in our quick spam explainer.)
Compromised accounts are on the rise.
The COVID-19 pandemic caused many businesses to pivot to remote work over the last year, and spammers have jumped at the opportunity to exploit weaknesses in those businesses’ security practices. As a result, we have seen an increase in the hijacking of email accounts in the early months of 2021. Spammers are using the accounts compromised last year to target new contacts and increase their reach this year. With an increased focus on harvesting email passwords (through phishing and the reuse of leaked credentials), you can expect to see more spam coming from legitimate, compromised accounts this year.
(BLOG: Learn how to create stronger email passwords in this blog post.)
Business Email Compromise (BEC) will go global.
A more sophisticated relative of email spoofing, Business Email Compromise typically begins when a targeted user opens a malicious link or attachment and gives up their login credentials. With access to that mailbox, the attacker harvests the contact lists, email addresses and login information of other members of the organization. Because the follow-on messages are sent from genuine accounts inside that organization, they bypass spam filters and look legitimate to recipients, which makes it easier to target the organization’s contacts.
Business Email Compromise schemes are nothing new, but while most BEC scams of the past focused on CEO fraud and W-2 harvesting and largely targeted key departments like accounting and HR, we’re seeing broader techniques emerging in 2021. Lawyer, payroll and banking scams are now being used to target employees company-wide. A single wave of emails can target up to 30 employees in the span of five minutes, increasing the likelihood of a compromise before the threat is identified.
Thread hijacking will continue to grow.
As more trusted vendor, client and other business contacts are harvested from compromised accounts, the threat of thread hijacking has also increased. Thread hijacking happens when a compromised account is used to send a malicious message as a reply within an existing email conversation. In these instances, the spammer is counting on the legitimacy of the existing conversation to trick the target into opening a malicious link or attachment. These threats are often easier to fall for, as they include attachments disguised as quotes, invoices or images in continuation of a legitimate email thread.
Remote image-based threats could push email security filters to their limits.
Image-based threats are also becoming more sophisticated, with spammers shifting away from .exe attachments and links to bad websites and instead weaponizing PDFs, image files and even calendar invites to bypass email security filters.
The goal is for each attachment to seem as legitimate as possible, right down to preserving the expected file type. We’re seeing these remote image-based threats appear both as stand-alone attachments and as images embedded in HTML-formatted email forms or newsletters, where the image is loaded from a remote server when the message is opened.
How to protect yourself from spam attacks:
With new opportunities in compromised accounts and more sophisticated targeting, it’s important to remain cautious even when an email seems to be coming from a legitimate sender.
You can avoid falling for email spam threats by looking out for these red flags:
Attachments you aren’t expecting—this includes PDFs, images, links to download or even audio files. DO NOT open any attachments you aren’t expecting.
Newsletters, forms and calendar invites you’re not expecting—DO NOT open calendar invites or image attachments you’re not expecting. DO NOT enable embedded images from newsletters or forms you’re not subscribed to.
Vague claims about invoices paid or due with no specific details included in the body of the email.
Vague messages prompting you to call a different number than the contact’s listed number.
Messages lacking a recognizable email signature.
Remember not to reply to emails you suspect came from a compromised account. Replying only presents additional opportunities for the spammer to target you. Instead, reach out to the company via a phone number you already have on file, or through a different contact at the company, to confirm the validity of the email. This alerts them to the issue and protects you from becoming the next victim.
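The red flags above, together with the thread-hijacking and remote-image patterns described earlier, can be turned into a simple triage check. The script below is an added example, not code from the original post or from any product it describes: it builds a constructed sample message (a reply into an existing thread carrying an unexpected PDF and calendar invite, a remote tracking image in the HTML body, a vague "invoice due" claim, a call-back number, and no signature) and then runs the page's red-flag heuristics over it. The `known_contacts` mapping, the sender `dana@vendor.example`, the phone numbers and the URL `cdn.example.net` are all invented for the example.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Attachment types the post says not to open when they arrive unexpectedly:
# PDFs, images, audio files and calendar invites.
RISKY_TYPES = {
    "application/pdf", "image/png", "image/jpeg", "image/gif",
    "audio/mpeg", "audio/x-wav", "text/calendar",
}

REMOTE_IMG_RE = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
INVOICE_RE = re.compile(r"\binvoice\b", re.I)
# "Specific details" for an invoice claim: an invoice number or a money amount.
INVOICE_DETAIL_RE = re.compile(
    r"(invoice\s*(?:no\.?|number|#)\s*[\w-]+|[$€£]\s?\d[\d,]*(?:\.\d{2})?)", re.I)
CALL_RE = re.compile(r"\b(?:call|phone|dial)\b", re.I)
PHONE_RE = re.compile(r"\+?\d[\d().\- ]{6,}\d")


def _digits(s: str) -> str:
    """Normalise a phone number to its digits so formatting differences don't matter."""
    return re.sub(r"\D", "", s)


def analyze(raw: bytes, known_contacts: dict[str, str]) -> list[str]:
    """Return the red flags found in one RFC 5322 message.

    known_contacts maps a sender address to the phone number you have on file
    for them (an assumption of this example: the post only says to compare
    against the contact's listed number).
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags: list[str] = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()

    # 1. Unexpected attachments, including calendar invites riding along as parts.
    attachments = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if part.is_attachment() or ctype in RISKY_TYPES:
            attachments.append(part)
            flags.append(f"unexpected attachment: {part.get_filename()} ({ctype})")

    # 2. Thread hijacking: a reply into an existing conversation that carries a file.
    if msg.get("In-Reply-To") and attachments:
        flags.append("reply to existing thread carries an attachment")

    # 3. Remote images in the HTML body (loaded from a server when the mail is opened).
    html_part = msg.get_body(preferencelist=("html",))
    html = html_part.get_content() if html_part is not None else ""
    for url in REMOTE_IMG_RE.findall(html):
        flags.append(f"remote image: {url}")

    # Plain text of the message for the wording checks below.
    text_part = msg.get_body(preferencelist=("plain", "html"))
    text = text_part.get_content() if text_part is not None else ""
    if text_part is not None and text_part.get_content_type() == "text/html":
        text = re.sub(r"<[^>]+>", " ", text)

    # 4. Vague invoice talk with no invoice number or amount.
    if INVOICE_RE.search(text) and not INVOICE_DETAIL_RE.search(text):
        flags.append("invoice mentioned without number or amount")

    # 5. Asked to call a number that differs from the one on file for this sender.
    listed = known_contacts.get(addr)
    if CALL_RE.search(text):
        for num in PHONE_RE.findall(text):
            if listed is None or _digits(num) != _digits(listed):
                flags.append(f"call-back number {num.strip()} does not match listed number")

    # 6. No recognisable signature: the sender's display name never appears in the body.
    if name and name.lower() not in text.lower():
        flags.append("no recognizable signature (sender name absent from body)")

    return flags


def build_sample() -> bytes:
    """Constructed sample (not a real capture) exhibiting every red flag above."""
    msg = EmailMessage()
    msg["From"] = "Dana Vendor <dana@vendor.example>"
    msg["To"] = "accounts@yourcompany.example"
    msg["Subject"] = "Re: Q3 order confirmation"
    msg["In-Reply-To"] = "<orig-123@vendor.example>"  # looks like part of a real thread
    msg.set_content("Hi,\n\nPlease see attached for the invoice that is now due.\n"
                    "Call us on 555-0199 to confirm payment.\n\nThanks.\n")
    msg.add_alternative(
        "<p>Please see attached for the invoice that is now due.</p>"
        '<img src="https://cdn.example.net/t.gif" width="1" height="1">',
        subtype="html")
    msg.add_attachment(b"%PDF-1.4 (constructed placeholder)", maintype="application",
                       subtype="pdf", filename="Invoice.pdf")
    msg.add_attachment("BEGIN:VCALENDAR\nEND:VCALENDAR\n", subtype="calendar",
                       filename="invite.ics")
    return msg.as_bytes()


if __name__ == "__main__":
    for flag in analyze(build_sample(), {"dana@vendor.example": "555-0100"}):
        print("FLAG:", flag)
```

The checks are deliberately crude string heuristics, good enough for a quick review queue but not a replacement for a mail gateway; in particular the signature and invoice checks will produce false positives on terse but legitimate mail, so treat each flag as a reason to verify out-of-band (by phone, using the number you already have) rather than as proof of compromise.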