A Complete Guide to Threats, Protocols, and Protection
What is email security, and why is it necessary?
Email security refers to the standards, best practices, and technologies used to protect personal and corporate email accounts and communications. While consumers typically rely on Internet service providers to provide their email security, small-to-midsized businesses and enterprises typically manage it in-house.
Email has been a popular target for cybercriminals since its inception due to the relative ease of creating and launching email attacks. As the popularity of email increased, so too have attacks. Today, email is the #1 attack vector, making email protection critical to the health, reputations, and futures of businesses and organizations.
Types of email security threats
Email security threats can arise from a number of situations and through a variety of methods. Below are some of the most common threats to consumers and businesses.
While it can also be delivered via text, chat, and other methods, phishing is typically delivered via email. A phishing email impersonates a known brand with the purpose of tricking a recipient into clicking on a malicious URL. The URL leads to a phishing page that looks like a legitimate webpage and includes a form designed to capture a user’s login credentials. When a user fills out the form, their account information is stolen by the phisher.
Trust Wallet phishing email
Trust Wallet phishing page
Unlike phishing, spear phishing, also known as business email compromise (BEC), attacks are highly personal and targeted email attacks designed to trick users into fulfilling a request. Spear phishing emails tend to impersonate people rather than brands. Often, spear phishers impersonate colleagues, business partners, vendors, and other acquaintances. A typical spear phishing email is short and to the point, and includes only text. The most common spear phishing scams include the gift card request, CEO fraud (wire fraud), and tax fraud.
Spear phishing email
Malware is a computer virus that can be distributed via email links and attachments. Malware comes in many forms and with varying levels of sophistication. Most malware viruses are designed to download on a user’s computer without their knowledge. Once the malware has been downloaded via a link or attachment, cybercriminals can spy on users, steal account credentials and digital assets, replicate themselves, or spread to other systems.
Phishing email with malware-weaponized link
Ransomware is a type of malware that encrypts a user’s computer, denying access to all applications and data. In most ransomware attacks, the virus triggers a ransomware message on the user’s computer screen, demanding a ransom in return for a decryption key.
Common email security protocols
Email security protocols include transfer, encryption, policy, and authentication protocols. Below are some of the most common protocols used in email security:
SPF is an authentication protocol that allows administrators to designate senders who are permitted to deliver emails from a domain. Authorized senders are added to a DNS record for the domain. In theory, SPF should block unauthorized IPs from sending emails from the domain; however, SPF is limited and requires additional protocols to be effective.
DKIM (DomainKeys Identified Mail)
DKIM is an authentication protocol that can detect forged or spoofed email addresses. DKIM creates a digital signature linked to a domain name for outgoing messages. This signature verifies to the recipient that the domain has not been modified.
DMARC (Domain Message Authentication, Reporting, and Conformance)
Also an authentication protocol, DMARC enables domain owners to validate their domains by publishing a DMARC record into a DNS record. A DMARC policy is published in a DNS record and indicates what action should be taken if an email fails either SFP or DKIM authentication.
Email security software
Traditionally, email communications have been protected by secure email gateways, or servers through which incoming and outgoing emails pass. Secure email gateways can be deployed both on-premises as appliances or in the cloud as virtual machines.
A more modern approach to email security is solutions that can be deployed via an API, first coined by Gartner as a Cloud Email Security Supplement (CESS) and later as an Integrated Cloud Email Security Solution (ICESS). Unlike a gateway, an API-based solution sits inside an email client, such as Microsoft 365 or Gmail.
An ICESS serves as a secondary layer of security, analyzing email after the first layer (Microsoft or Gmail), and can detect malicious emails that may have bypassed the first security layer. Another benefit to an ICESS is that admins can remove malicious emails or remediate misclassified emails after delivery—something that cannot be done with a gateway.
Email security best practices
There are a number of email security best practices that can help keep your organization safe from email threats. While technology plays an important role in defense, people are also critically important to email security and can be the last line of defense when a business is attacked.
- Deploy user awareness training software.
- Hover over links in emails to see the final URL.
- Do not open attachments from unknown recipients.
- Do not log in to online accounts via email.
Vade email security
Vade protects more than 1.4 billion mailboxes from phishing, spear phishing, malware, and ransomware. Our email security solutions are powered by our core email filter, an AI-based, behavioral engine that features Machine Learning and Computer Vision algorithms that analyze emails and webpages for anomalies and malicious behaviors.