chat
expand_more

What Are the Cyber Risks to Cloud Email?

Cybersecurity expert Ed Amoroso explores the greatest cyber risks associated with cloud email, including BEC, credential phishing, and spoofing.
January 4, 2023

This article is the second of a five-part series from Ed Amoroso at TAG Cyber. You can read the first post here.

Modern email attacks have evolved from early-generation computer viruses stored in file attachments to more comprehensive exploits that utilize intelligent strategies to find, collect, and target important assets in an enterprise. Such evolution has led to significantly increased focus from enterprise security teams on threats from the email vector—which today often involves cloud-hosted email like Microsoft 365 or Google Workspace.

In this article, we provide a summary of the two greatest cyber risks associated with cloud email. First, we discuss and explain the nature and consequences of business email compromise (BEC), an attack strategy that has risen to the top of most priority lists for CISOs. And second, we introduce the challenges of email fraud, particularly in the context of supply chain and vendor engagements.

The Major Threat: Business Email Compromise

Scams and cons have always been popular crimes, dating back as far as the seventeenth century. Even the father of John Rockefeller, the billionaire founder of Standard Oil, was a known scam artist, often operating under an alias as he sold elixirs and worked unethical land deals. Like all con artists, he worked within the confines of his time—and one can only imagine what the senior Rockefeller might have done had he had access to email.

Or take more recent con artists like Frank Abagnale, who pretended to be a PanAm pilot and a physician in order to commit check fraud and who now spends his time working with the FBI to prevent the same type of fraud—now completed almost entirely electronically.

Today’s scammers have shifted their tactics because they do have access to modern technology and infrastructure. And as we all know, they take full advantage of the free and open nature of email, as well as the generally trusting nature of most email users, even in business contexts. In fact, business email compromise (BEC) involves the compromise or impersonation of email accounts and content for the purpose of financial gain, usually seeking a transfer of funds.

The FBI reports a typical cadence to the modern BEC attack in the context of a timeline with four different steps by the intruder:

BEC Steps by Attackers
  • Step 1 - Target Identification: This involves the research to create profiles for good targets. Employees working in finance-related positions are particularly vulnerable to this type of targeting.

  • Step 2 - Target Grooming: This includes spearphishing and other types of social engineering to begin establishing context and a relationship, in which to create the attack. In some cases, this is very fast but in more sophisticated attacks, this step can take days or weeks to complete.

  • Step 3 - Information Exchange: In this step, the target is led to actually perform the requested transfer or other operation, usually involving the wiring of money from a legitimate account to some established unauthorized recipient.

  • Step 4 - Wire Transfer: This is the ultimate goal for most BEC attacks, where funds move from the bank of the target organization to an account owned by the malicious attackers.

Other Types of Email Fraud

While business email compromise is certainly a major factor in the risk equation for corporate email usage, the possibilities for committing fraud, abuse, and other offensive attacks using email are considerably more involved. This is an important observation for security teams because while preventing funds transfer and other financial losses is essential, the obligation to defend email systems involves much more.

Common types of email attacks include:

  • Phishing: This can be used as the basis for virtually any type of attack, including as the first step in nation-state advanced persistent threats (APTs), and can provide access to entire accounts.

  • Spam: While often perceived as more of a nuisance, spam email can be connected to fraudulent objectives, and with bulk sending, often catches a percentage of victims.

  • Spoofing: This is a common attack where email headers are forged. When this is done, a wide assortment of attacks can be accomplished by targeting a victim recipient, including the delivery of malware.

As suggested above, major vendors such as Abnormal Security offer effective means to address these ongoing cyber risks and protect the email channel. In fact, it has become a mandatory aspect of most enterprise security programs to work with such vendors to reduce both the likelihood of receiving these attacks, as well as the consequence of such attacks if they should happen to reach end users.

Read part three of this series here.

Learn how Abnormal can protect every member of your organization from the full spectrum of email attacks. Schedule a demo today.

Schedule a Demo
What Are the Cyber Risks to Cloud Email?

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story F500 Insurance Provider
A Fortune 500 insurance provider blocked 6,454 missed attacks and saved 341 SOC hours per month by adding Abnormal to address gaps left by Proofpoint.
Read More
B Malicious AI Platforms Blog
What happened to WormGPT? Discover how AI tools like WormGPT changed cybercrime, why they vanished, and what cybercriminals are using now.
Read More
B MKT748 Open Graph Images for Cyber Savvy 7
Explore insights from Brian Markham, CISO at EAB, as he discusses cybersecurity challenges, building trust in education, adapting to AI threats, and his goals for the future. Learn how he and his team are working to make education smarter while prioritizing data security.
Read More
B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More
B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More