Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Mail Email Security Education: Top Two Trends 
Mail

Email Security Education: Top Two Trends 

By Mia Thompson
26 March, 2020

Please note: For privacy reasons, the identity of the hacked accounts in the examples used for this blog have been changed or hidden.

Email remains the key way cybercriminals get into your business. It’s also the productivity tool most businesses rely on to get jobs done. With around 68% of email traffic within organizations believed to be spam or malicious in naturei, it’s crucial to understand email attacks and tactics to combat these threats. Understanding cyber threats also puts managed services providers (MSPs) in a position to educate customers and provide them with tactics to educate their employees. Today, we look at the top threats we’ve seen for email so far this year.

Trend 1: Phishing continues to dominate

Paypal scam image

Phishing attacks have dominated the email security landscape with 93%ii of breaches resulting from phishing attacks and pretexting, and 84%iii of social attacks involving phishing emails. Looking at the top threats we’ve seen so far, it’s likely this will continue into 2020. 

Cybercriminals use this tactic, because it works. These campaigns are carefully developed to trick users into believing the sender is legitimate and prompt them to click on links and provide information such as credit card details. 

PayPal phishing emails are still making the rounds. Hackers pretend to be PayPal with the aim of getting users to confirm their personal details. In the example, the email looks legitimate from a glance. But, if you take a closer look at the recipient, notice the sender is not a standard address. Hovering over the “Log In” link also shows it’s not a legitimate PayPal URL. Another popular campaign going around is Apple phishing emails. In our example the hackers are trying to retrieve sensitive billing information from recipients. 

The top three tips users can employ to verify the legitimacy of emails of this nature, are: 

  • Look at the email “From” field
  • Hover over the links within these emails (e.g. “Access my account”) to ensure it redirects to a secured link (“https:” and not “http:”)
  • Look at the language. These emails are normally crafted to create a sense of panic or urgency to act in the recipient. 
Apple scam email

Trend 2: Malicious email attachments 

Shipping Scam

Emails with malicious email attachments are designed to get viruses, malware, Trojans, and more onto their victim’s computer—and ultimately into the company’s network, so they can either destroy data or steal information. Some of these threats can even enable hackers access to take control of a user’s computer. As such, they pose a serious threat to businesses. 

Cybercriminals use different techniques to cloak malware in file attachments with the intent of tricking email scanning technologies and users. They typically send attachments with email content that convinces users to believe it’s legitimate.  In this example, the hackers use Maersk—one of the world’s largest logistics companies—to try to infiltrate a Maersk customer’s account by prompting the user to download shipping documents. 

Initially, the HTML attachment seems legitimate. It’s also a commonly used file type. While many users may recognize that .EXE and .PDF files are potentially malicious, many won’t think twice about opening an HTML attachment. However, HTML attachments are often used to deliver malware code to endpoints through embedded JavaScript. There is also an uptick in cybercriminals using HTML attachments to embed URL redirects that aim to trick antivirus scanning software or deliver the recipient to non-legitimate web pages. Once again, users should hover over the links to ensure it redirects to a secure URL. In the case of attachments, industry experts advise to first save the attachment to a downloads folder from where the true file type can be viewed. Finally, a generic greeting should also spark concern—legitimate companies often address the recipient by name. 

Reducing your risk

Three things you can start doing today to help reduce your risk and that of your customers are: 

  1. Practice strong in-house security—including patching, putting up firewalls, running backup, and adding a professional email security solution. It also includes investing in advanced endpoint protection. Make sure to monitor for threats with advanced threat detection tools and use a password management tool.
  2. Help customers establish and maintain a culture of security.
  3. Teach users how to spot malicious emails. Share simple tips like the ones we discussed above—check the URLs in email to ensure it redirects to legitimate web pages, be on the lookout for malicious email attachments, and save the attachment to a downloads folder from where the file type can be viewed first before opening it. File types such as .JS, .EXE, .COM, .PIF, .SCR, .HTA, .vbs, .wsf, .jse, or .jar are malicious file types you shouldn’t open, though as we’ve seen above, HTML files can also be malicious. 

One malicious email can cause a lot of damage to you and your customer’s businesses. Employing professional-grade email protection to prevent malware from getting into yours—and your customers’—networks, can help stop and mitigate damage by: 

  • Defending against cyberattacks that infiltrate through email-borne threats
  • Giving users greater control and visibility over email flow
  • Protecting intellectual property and business data
  • Boosting uptime and increase productivity

 

Try SolarWinds® Mail Assure Free for 30 days

 

Mia Thompson is product marketing manager, Mail Assure, at SolarWinds MSP.

 

Sources

i Get One Step Ahead of Email Threats, FireEye (Accessed February 2020).

ii 2018 Data Breach Investigations Report, Verizon (Accessed February 2020).

iii 2019 Data Breach Investigations Report, Verizon (Accessed January 2020).

Additional reading

How to Stay Safe from Office Macro-Based Malware with Email Security  
Top Social Engineering Techniques Trending on Email 
How to Protect Your Organization Against Email Spoofing 
You might also like...
Mail

How Email Archiving Can Help Move You Toward SOX Compliance

Mail

How a Secure Email Gateway (SEG) Can Protect Your Business

Mail

How to Effectively Use an Email Spam Filter Service

Mail

6 Cybersecurity Tips for Business Email

Mail

Partnering for Growth: Strong Defenses, Solid MSP Partnerships

Mail

What Is DMARC Email Security and How Do You Implement It?

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • What the Head Nerds Were Up to in 2020
  • RMM and PSA Tools: How to Make the Most of Both
  • How to Empower an IT Help Desk Team for Success
  • Six Tips That Will Make Managing Your MSP Company Easier
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Categories:
  • Security (230)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (83)
  • The Head Nerds (75)
  • Business Growth (75)
  • IT Support (42)
  • Business (39)
  • Cybersecurity (37)
  • Automation (37)
  • Operations (34)
  • Mail (33)
  • Remote Management (28)
  • ITSM (25)
  • Data (21)
  • Cloud Computing (21)
  • Networking (21)
  • Marketing (14)
  • Product (11)
  • PSA (11)
  • Services & Support (5)
  • Service Desk (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • Internet of Things (3)
  • Customer Service (3)
  • GDPR (2)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.