What to Know About Email Security

Attack vectors get more and more sophisticated every day. That is why having up-to-date email security should be a top priority for your business.


What to Know About Email Security

One of the weakest links in keeping your business secure can be the employee who opens a malicious email. Attack vectors get more and more sophisticated every day. That is why having up-to-date email security should be a top priority for your business.

Biggest Trends in Email Threats: Sophistication at Scale

Increase in volume
  • Casting a wider net of targets increases the chances that threat actors receive a response. Whereas large scale threats have been a trend for a while, the sophistication of these attacks has grown, making them both more dangerous and more large scale than before.
Social engineering in spear phishing
  • Gone are the days of phishing that is easy to identify because of broken syntax or poor grammar. Now, businesses must be on the lookout for spear phishing email tactics targeted specifically for them and their business leaders. Social engineered phishing emails are becoming increasingly more common. Such scam emails look and feel legitimate to the user because of proper grammar and syntax and sender addresses are legitimate and relevant.
  • Why are malicious actors able to scale their attacks now more than before? There is a plethora of data at anyone’s disposal. Social media platforms, such as LinkedIn serve as a good resource for scammers to gather background information and increase the sophistication of email targeting. Many use personal information (email addresses, photos, organization names or job titles) to disguise phishing emails.

Common Phishing Tactics

Brand names
  • How do threat actors appeal to the broadest audience? Using well-known brand names and brand creative – like those of Apple or Netflix – to catch email users off guard and make them more likely to click.
  • Another common tactic is using event-related content in the email. A topical subject line (themed for the Olympics, holidays, or elections) is more likely to draw attention and generate clicks. Events that are typically associated with giving (elections, Thanksgiving, winter holidays) are particularly successful in drawing attention, user clicks and engagement.

Email Security Vulnerabilities

Email security for enterprises depends on the SPF framework. This framework identifies the sender’s organization and validates the IP address. If the email passes the framework, the email is delivered. If not, it’s blocked or sent to the spam folder. For many organizations, a failing SPF framework – due to poor filtration, incorrect implementation or ineffective use – poses the biggest threat to email security. Without effective framework, the onus is on the end user to judge a legitimate email from a phishing scam.

This means that another large vulnerability for organizations is human behavior. Employees must be able to identify a suspicious email and then correctly decide not to open it. To make the correct decision, employees must be adequately trained and apply that training. Impressing the importance of vigilance is half the battle for email security. Even if an employee has adequate training, the everyday distractions they face can cause them to interact with phishing emails.

Improving Email Security

The first step in improving email security is having the right tools. TorchLight uses the Knowbe4 tool under Cisco’s protection umbrella. This tool blocks emails depending on their source. We also provide hands-on testing of your SPF framework – sending fake spam emails and tracking their progress. You can’t solve email security problems with only tools. Solid employee training is essential – in both initial education and in continuous updates and improvement. TorchLight works with you to cater employee training to your business needs, ensuring a safer future for your employees and the success of your business.

Contact TorchLight to enhance your email security and keep your business secure.