Protecting yourself against the 7 dangers of email security

Email security

Email allows us to connect with people around the world and send messages instantly. Because of this, it is the most common source of viruses and malware attacks, which makes it incredibly important to ensure you have the correct protection in place for your business or personal email accounts.

Here we will cover 7 different types of dangers in your inbox, and the ways in which you can make sure you are fully protected against them, giving you a better chance of keeping your email secure against attackers.


1. Email-borne viruses and malware

One of the key threats to email security is email-borne viruses and malware. In 1999, the Melissa virus was one of the first instances of this method being used to infect a wide range of accounts. At the time, it was the fastest spreading virus recorded.

Since then, it has been a common tool used by cyber-criminals to spread viruses to the masses. The aim of this attack is usually to access valuable information such as passwords and bank details via keyloggers, to cause damage and disruption to your computer, or to install malicious software that gives the attacker access to the system.

2. Spam emails

Most likely the least damaging attack on the list is spam. This type of email is disruptive and time consuming for the victim, often impacting productivity. However, it is worth noting that a spam email is much more likely to contain malware than a regular email. As with other types of unwanted email, systems will need to be put in place to filter out spam emails. Most modern inboxes are set up to automatically filter spam emails into your ‘junk’ folder. However, some may still slip through the net.

3. Phishing and spoofing

Phishing refers to receiving an email from someone who is impersonating another person. These often show up as fake emails from banks, parcel delivery services, phone and broadband providers, or even a friend or colleague. Always keep a lookout for these types of emails and report them if something does not seem right.

Sophisticated cyber-criminals can now ‘spoof’ emails. Similar to phishing, it is an imposter email, but spoofs can appear to be from the correct sender’s email address, making it harder to spot than the regular phishing attack.

4. Whaling

This is a particularly nasty type of targeted phishing where cyber-criminals target a business’ senior leaders and key decision-makers. They use the person’s influence and social engineering tactics to swindle victims into carrying out certain actions, such as a large bank transfer. When these types of requests come from a trusted colleague, they are often more persuasive and therefore more likely to be successful.

5. Thread hijacking

A less common form of email attack is thread hijacking. This criminal technique involves hijacking a user’s email conversation for malicious gain. The cyber-criminal will then encourage the victim to open emails containing malware, with the intent of infecting the recipient’s entire contact list. Similar to spoofing, this attack is hard to spot as it will appear to come from a trusted sender.

6. Ransomware

Ransomware is very commonly spread via email. It involves taking the victim’s files or information hostage, most likely by encryption, and demanding that a ransom be paid for the return of those files. The payment is often made in crypto-currency to protect the identity of the criminal, who rarely returns the stolen files whether or not payment is received.

7. Human error

The final danger of email security is human error. Most of the above attacks only become dangerous once a user has been tricked into making an error. Avoid human error by checking emails thoroughly, verifying the sender, and thinking before clicking on any link that appears in your inbox. Reporting all suspicious emails is key to reducing the risk to your email security.


Preventing the risks

Making sure you and your colleagues are fully educated on email security is the most effective way of combating cyber-attacks in the inbox.


  • Make sure all staff members are vigilant when they receive any email relating to finance. Always double check before clicking a link. Even if the email turns out to be genuine, it is good to be safe.
  • Always check the email address of the sender. If you see any spelling mistakes or errors in the address it is most likely malicious, so delete the email immediately.
  • All users should be aware that emails can be ‘spoofed’. They must know about the risks of this form of attack, and how difficult it can be to spot.
  • Lastly, be sure to have internal processes implemented that allow for additional checks. For example, if a payment has been requested by email, a verbal confirmation must be given by a supervisor before the payment is processed.
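
The sender checks in the list above can also be automated. The Python example below is an added illustration, not part of the original article: it flags a From domain that is a near-miss of a trusted one, and a Reply-To that points away from the From domain, which is where replies to a spoofed address end up. The trusted domains and the three messages are constructed sample values.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organisation really deals with (constructed values).
TRUSTED_DOMAINS = {"example.test", "example-bank.test"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_sender(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings about the sender of one raw email message."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = domain_of(msg.get("From"))
    if from_domain not in trusted:
        # A misspelt address: one or two characters away from a trusted domain.
        near = sorted(d for d in trusted if edit_distance(from_domain, d) <= 2)
        if near:
            findings.append(f"lookalike: {from_domain} resembles {near[0]}")
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        # A spoofed From can be letter-perfect, but replies go elsewhere.
        findings.append(f"Reply-To {reply_domain} differs from From {from_domain}")
    return findings

# Constructed sample messages (not real traffic).
GENUINE = "From: Accounts <accounts@example.test>\nSubject: Invoice\n\nHi"
LOOKALIKE = "From: Example Bank <alerts@examp1e-bank.test>\nSubject: Alert\n\nHi"
SPOOFED = ("From: Accounts <accounts@example.test>\n"
           "Reply-To: accounts@example-payments.test\nSubject: Pay\n\nHi")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("spoofed", SPOOFED)]:
        print(name, check_sender(raw))
```

An empty result does not prove a message is genuine: a spoofed From with no Reply-To passes both checks, which is why the verbal confirmation step above still matters.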

More Information

For Cyber insurance advice, or to speak to a broker, contact your branch.