Skip to main content
Passportal Insights

The Top 3 Email Threats Facing Your Customers Today

By Chris Crellin

According to Barracuda’s recent Email Security Trends special report, 87 percent of security professionals reported that their company faced an attempted email-based attack in the past year, and more than one-third had experienced a ransomware attack.

When these attacks occur, they interrupt employee productivity and divert IT resources from other projects to deal with the attacks. They can also cause monetary losses and damage the company’s reputation, and hackers can walk away with a wide variety of intellectual property and sensitive information. Ransomware is another big concern. According to the survey, 75 percent of ransomware attacks originated with an email.

Among the most common types of attacks and security issues that MSPs are likely to encounter when working with clients, here are the top three threats:

1) Phishing/Spear Phishing: 

Phishing is by far the most common type of email-based attack. A traditional phishing attack involves sending malicious emails to large numbers of people. The messages usually attempt to get users to open an attachment or click on a link that will send them to a spoofed website. They rely on social engineering, appearing to direct victims to update their security settings or claiming that their email or other online services are about to be shut down or are otherwise at risk. If successful, the attackers can infect the computer or network with malicious code, or harvest usernames and passwords from their fake websites.

Spear phishing, on the other hand, is a more targeted attack against a specific person or a handful of individuals. These attacks involve researching the victims via social media and other outlets, which allows them to create an even more believable message that appears to come from a trusted source. While more challenging to launch, these attacks are usually more successful. (Another variation known as whaling is a spear phishing attack against a high-ranking executive, like a CEO).

2) Business Email Compromise or Account Takeover: 

 According to Osterman Research, in the past 12 months 44 percent of organizations were victims of a targeted email attack launched from a compromised account. An account takeover (ATO) attack involves a criminal getting access to a trusted email account and using it to launch subsequent phishing or ransomware attacks.

These attacks are doubly dangerous because they can be highly successful and are also difficult to detect because they come from an otherwise legitimate account. Attackers usually gain access to an account via phishing or malware, or they purchase credentials.

3) Cyrptojacking:

This type of problem grew significantly over the past year. Websites embed JavaScript components that can use a visitor’s computer to help mine cryptocurrency, diverting processing and power resources. Increasingly, cryptojacking systems have been blocked as malware. Hackers can even place a mining component on someone else’s website without their knowledge, and cryptomining botnets have been discovered taking over thousands of computers.

In those cases, phishing emails are often used to get scripts onto users’ computers. For cryptomining that is embedded in a website, ad blocking software can sometimes be effective. Some endpoint solutions also protect against these scripts, and corporate network monitoring tools can also uncover cryptojacking activity.

While email-borne attacks are on the rise, the most common problems can be prevented or identified early through a combination of training, monitoring, and end-to-end security. MSPs that take a comprehensive approach can best protect their clients’ email systems — and their network and devices — from the nefarious threats mentioned above.


Written by:


Chris CrellinSenior Director, Product Management, Barracuda MSP
Twitter   | 

Welcome to the Passportal Blog

Into cybersecurity? Read up on current trends in IT Services and ensure you’re up to speed on best practices on how to grow your business.

Want to stay up to date?

Get the latest N-able tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Automated password protection with documentation management integrated with the MSP tools you already use

Manage passwords with ease