Email Security

    Top 5 Email Security Challenges

    As cybercriminals exploit email in their incessant attacks on businesses, watch out for phishing, VIP impersonation, ransomware, account takeover, and payment fraud.

    by Theresa Foley

    Key Points

    • Email is cyberattackers’ go-to mode for breaking into your business.
    • Attackers may intrude on your email exchanges — for example, to listen in on dealmaking or redirect payments.
    • Or they might use email as a launch vehicle for wider attacks — for instance, conning recipients out of admin passwords to take over your network.
    • Mimecast’s new series of ebooks delves into the Top 5 email ploys used in cyberattacks.

    Businesses continue to rack up losses every year from email attacks — with the costs per successful attack now running into the millions of dollars, on average.[1] Evidence from the FBI and others shows that yesterday’s email security protections may not work against today’s elevated threats, as attackers keep adapting to evade defenses. To help businesses face this mounting risk, Mimecast has singled out the top email security challenges along with best practices to meet them, in a series of five ebooks titled Future-Proofing Your Cybersecurity Strategy. The series covers:

    • Phishing
    • VIP impersonation
    • Ransomware
    • Account takeover
    • Payment fraud

    Phishing Continues to Lure the Unaware into Risky Business

    Phishing is the most prevalent tool used to commit cybercrime, and 96% of companies participating in Mimecast’s State of Email Security 2022 survey said they were hit by phishing attempts in the last year. This digital con game fools an employee into opening mail and doing its bidding — whether clicking on a malicious weblink, downloading an infected attachment, or otherwise putting valuable data, network access, or funds at risk. You can learn more about the problem, as well as innovations such as using artificial intelligence (AI) to detect this email risk, in our ebook on phishing trends and best practices.

    VIP Impersonation: A Multibillion-Dollar Enterprise

    Attackers have stolen money and data from innumerable companies by impersonating a CEO or CFO — for instance, spoofing their email addresses to communicate with employees and partners. From mid-2016 through 2021, the FBI received reports of $43.3 billion worth of losses due to business email compromise scams such as impersonation. Read our ebook on VIP impersonation to learn more about this crime and some of the latest techniques to prevent it, like using AI-based behavioral analysis to flag unusual communications.

    Ransomware Poses Financial and Operational Risks

    Email plays a pivotal role in delivering ransomware, usually as phished employees unwittingly provide cybercriminals with administrative credentials and other keys to their companies’ networks. Once inside, ransomware gangs encrypt sensitive data and then, just like kidnappers, demand huge payments to return the data and restore business-as-usual. Ransomware cases have become common news headlines, and experts say that in the future, a ransomware attempt will occur every other second. Find out more about preventing ransomware losses and, importantly, ensuring business continuity if attacked, in our ebook on ransomware.

    Account Takeovers Open Businesses to Fraud, Theft

    Another goal of digital thieves is to go beyond merely spoofing email account holders to actually take control of their accounts. Account takeover involves hijacking, monitoring, and manipulating the email accounts of executives and other privileged users. Lurking within these breached accounts — sometimes for months — the thieves use forwarding and filtering rules to spy on daily correspondence and then intercept routine payments, deliver malware, or make fraudulent requests for confidential data. One estimate concluded that a single, typical account takeover attack can cost a company $5 million.[2] Dig deeper in our ebook on account takeovers and learn how to limit the damage, including safeguards against data exfiltration in outbound emails.

    Payment Fraud Grows in the Digital Marketplace

    Email is also one means of perpetrating payment fraud. With the meteoric rise in the use of digital payments, the scope, scale, and variety of payment fraud schemes are burgeoning. In the last decade, related losses have tripled to $32.4 billion globally.[3] Read our ebook on payment fraud to learn more, including the best practices in employee awareness training to sidestep fraudulent emails.

    The Bottom Line

    Cybercriminals may be increasingly creative in using email to attack your company, but email security technology is also improving. Find out how to get a handle on constantly evolving email risk in Mimecast’s new series of ebooks on the top five email security challenges: phishing, VIP impersonation, ransomware, account takeover and payment fraud.


    [1] “IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High,” IBM and Ponemon Institute

    [2] Ibid

    [3] “Global Payment Fraud Statistics: Trends and Forecasts,” Merchant Savvy
