Email Risk Calculator

Attachment or payload-based attacks are a component of a cyberattacks that are malicious and delivered through payloads through malware, or malicious software.

For more information on Ransomware and Malicious Payloads, download this eBook.

Malicious link or URL-based attacks are used in phishing campaigns. Hyperlinks embedded in email content can lead users to malicious websites that automatically deliver malware, harvest user credentials or steal other sensitive information.

For more information on Malicious URLs, download this eBook.

Executive impersonation is a prominent example of business email compromise (BEC) – fraud carried out when attackers spoof or compromise legitimate business email accounts through social engineering or system intrusion. In executive impersonation attacks, cybercriminals pose as organizational leaders with the goal of tricking employees into sharing credentials, exposing sensitive information or transferring funds.

For more information on Executive Impersonations, download this eBook.

While spear phishing is a highly targeted form of phishing, whaling attacks are even more precisely aimed sending deceptive emails to high-level decision makers such as CEOs and CFOs.

For more information on Whaling Attacks, download this eBook.

Attackers leverage a wide variety of techniques to perform credential harvesting attacks or email account compromise, in an attempt to obtain user credentials or capture other data, often from user input locations like login pages. The ability to impersonate business applications and relationships makes users a target for credential theft and email account compromise.

Common brands, and templates, allow for employees to perform their duties more efficiently. But, it also gives attackers an easy target to deliver Business Email Compromise (BEC) attacks. And, because the phish appears to be from a trusted brand or vendor applications, users are tricked into taking action sharing sensitive information.

Cybercriminals are using social engineering scams, specifically phishing and spear phishing, to target cryptocurrency wallets by stealing user key information. These attacks send targeted emails with fraudulent links, where they solicit important details associated with the crypto wallets to gain access.

One of the more common email phishing attacks is the “voicemail message” or “missed call” message scam. Leading to annual global losses in the billions, these voice scams rely heavily on social engineering and manipulation to get victims to give away information. With vishing, scammers typically pretend to be from a trusted/official source, such as a bank or government organization.

For more information on voicemail spoofing, read this blog.

In an attempt to gain login credentials to critical systems, attackers will send phishing campaigns that appear legitimate, incorporating authentic brand logos and email templates. The goal is to trick the user into clicking on the link to steal credentials.

Fake Fax emails, or eFax, are landing in users’ inboxes. Many of these attacks contain attachments or links, when opened/clicked, the users’ machine is infected with a malicious payloads, that could include ransomware.

The way consumers and businesses shop has fundamentally changed, with online purchasing accounting for almost 15% of all purchases. As a result, delivery scams sent via email, with fake tracking links or requests to verify personal identifiable information, lead to increasing numbers of malicious activities.

Domain hijacking is when a cybercriminal has gained control of a legitimate organization’s complete Domain Name System (DNS), allowing the attacker to make changes, including email accounts. Then, a hijacker can send emails to customers or vendors to gain sensitive information or financial information.