The Definitive Guide to Email Threats

The Definitive Guide to Email Threats

FACT: Business Email Compromise attacks cost businesses over USD 2.9 billion last year (FBI)

According to Campaign Monitor, the average employee receives 121 emails every workday.

Clearly, due to our reliance on email, attackers focus their attention there as well.

In this article, you’ll learn the most common types of email threats and how to protect against them.

Table of contents:

What is email security?

For many organizations, email is one of the primary means of communication. It can be used to send almost any kind of media, either embedded or as an attachment. Due to the fact that employees have access to email on both their work and personal devices, the attack surface for email is quite large. Attackers often exploit email for phishing attacks, to send executable payloads, and exfiltrate data.

Email security refers to the controls and techniques used to protect email from unauthorized access, misuse, or cyber threats. It involves a combination of technologies, protocols, and best practices to ensure the confidentiality, integrity, and availability of email messages.

How Secure Is Email?

Email or SMTP was not designed with security in mind. The original goal was to facilitate communication between different groups. By default, the protocol does not use encryption and makes it trivial to spoof emails from anywhere. Due to the openness of the protocol, attackers leverage these weaknesses in several ways, such as distributing malware, phishing emails, business email compromise attacks, and spam.

The most common email threats

The most common email threats include:

Phishing Campaigns

Fraudulent emails designed to trick recipients into revealing sensitive information or clicking on malicious links that can lead to malware infections or credential theft.

Malware Distribution

Malicious emails containing attachments or links that, when opened or clicked, can download and install various types of malware, such as ransomware, trojans, or keyloggers.

Business Email Compromise (BEC)

Targeted email attacks aimed at employees with access to financial accounts or sensitive data, impersonating executives or trusted partners to initiate fraudulent wire transfers or data theft.


Unsolicited bulk emails that can waste resources, negatively affect productivity, and potentially contain malicious content or links.

Email Account Compromise

Attackers gain unauthorized access to email accounts through credential theft or brute-forcing, enabling them to launch attacks from trusted accounts.

Email Spoofing

Forging the sender’s email address to make messages appear as if they are coming from a legitimate source, often used in phishing or spam campaigns.

Email Bombing

Overwhelming email systems or accounts with a massive volume of messages, leading to denial of service or disruption of operations.

Data Leaks

Sensitive information being inadvertently or maliciously shared through email, potentially leading to data breaches or compliance violations.

Email-based Social Engineering

Manipulative tactics used in emails to trick recipients into divulging confidential information or performing actions that benefit the attacker.

What type of data gets leaked

Data leaks via email generally occur due to human error, insider threats, or cyberattacks. No matter the cause, the following types of data typically get leaked:

  • Personal Identifiable Information (PII): This includes names, addresses, phone numbers, social security numbers, credit card details, and other personal data that could enable identity theft or fraud.
  • Financial Data: Confidential financial records, banking information, account numbers, transaction details, and other fiscal data that could be exploited for financial gain.
  • Healthcare and Medical Data: For organizations in the healthcare space, electronic medical records (EMRs), patient health information, insurance details, and other protected health information (PHI) covered by regulations like HIPAA.
  • Intellectual Property: Trade secrets, proprietary research, product designs, source code, business plans, and other commercially valuable intellectual property.
  • Legal and Corporate Data: Sensitive legal documents, contracts, merger/acquisition details, internal communications, and other confidential corporate data.
  • User Credentials: Usernames, passwords, and other authentication credentials that could enable unauthorized access to systems and accounts.
  • Customer Data: Customer databases, contact information, purchase histories, and other customer records containing personal or transactional data.
  • Employee Data: Human resources records, payroll information, performance reviews, and other private employee details.
  • Internal Communications: Confidential emails, memos, or other correspondence containing sensitive business discussions or decision-making details.
  • Regulated Data: Information protected by regulatory compliance frameworks like GDPR, CCPA, PCI-DSS, or industry-specific regulations.

Top 10 email security best practices

The following ten best practices can help you significantly reduce the risks of email threats:

  1. Enable Email Authentication Protocols: Use protocols like SPF, DKIM, and DMARC to authenticate email senders and prevent spoofing attacks.
  2. Implement Multi-Factor Authentication (MFA): Require MFA for all email accounts to help prevent unauthorized access, even if passwords are compromised.
  3. Use Email Encryption: Encrypt sensitive email communications to protect confidential data from being intercepted or accessed by unauthorized parties.
  4. Deploy Email Gateways and Filters: Implement a Secure Email Gateway (SEG) with spam filtering, anti-malware scanning, and advanced threat protection to block malicious emails and attachments.
  5. Conduct Regular Security Awareness Training: Educate employees on identifying and reporting suspicious emails, phishing attempts, and other email-based threats.
  6. Use a Password Manager: Require the use of a password manager to generate and store strong, unique passwords for each email account. This can help prevent password reuse and make it easier for employees to manage their passwords securely.
  7. Implement Data Loss Prevention (DLP): Deploy DLP solutions to monitor and control the flow of sensitive data through email, preventing accidental or intentional data leaks.
  8. Maintain Email Backups and Archiving: Regularly back up and archive email data to ensure business continuity in case of a breach.
  9. Establish Email Usage Policies: Develop and enforce clear policies for appropriate email usage, handling sensitive information, and reporting security incidents.
  10. Monitor for Compromised Accounts: Implement data breach monitoring and incident response processes to detect and respond to compromised email accounts quickly.

Compromised accounts are one of the most common initial attack vectors for data breaches.

In fact, according to the Verizon Data Breach Investigations Report, leaked or stolen credentials were involved in 86% of data breaches investigated.

If your security team needs visibility into your leaked credentials, book a demo to see how Breachsense can help.

Related Articles