email threats

13 Email Threat Types To Know About Right Now

A cyber-attack can have serious consequences for a business depending on the nature of the threat. It can result in a severe financial loss – not just from the direct attack, but from indirect costs. These could include legal fees, operational disruptions, and a damaged brand reputation.

It is critical to be aware of potential threats and how you can protect your business against them. So, here are the top 13 email threats that you need to know about and defend against.



This is one of the most common threats facing business today. It consists of unsolicited bulk email messages that are sent to many email addresses. Some might push scams or conduct email fraud. Others might impersonate brands and trick recipients into revealing personal information. Usually, modern email gateways can effectively filter out these emails.



Emails can deliver malicious software or malware. Usually, this is hidden in documents or in an embedded script that downloads it from an external site. Common types include viruses, trojans, spyware, worms, and ransomware. Like spam, this is best filtered out by the email gateway. But, there are more advanced techniques, such as sandboxing, that provide extra protection.


3.Data Exfiltration

This is the unauthorized transfer of data from one device to another – usually through malicious programming on the internet. Such attacks are usually targeted and aim to access a network or machine. For protection, businesses can use data loss prevention technologies. These scan outgoing emails for sensitive data and automatically encrypt them.


4.URL Phishing

In this case, cyber-criminals direct email recipients to fake websites that look legitimate. Usually, the emails encourage you to input sensitive information such as passwords or banking details. API-based inbox defense offers business protection. It does this by enabling a historical, internal view of actual URLs used by an organization.



Scamming involves fraudulent schemes that trick victims into disclosing personal information. Common examples include job postings, investment opportunities, inheritance notifications, fund transfers, and lottery prizes. API-based inbox defense also protects against scamming. It uses historical email communications to determine normal email styles between employees.


6.Spear Phishing

This is a very specific form of phishing where cybercriminals research their targets to craft targeted emails. They might impersonate a colleague or well-known business to obtain sensitive information.

They may also use tactics such as urgency, brevity, or pressure to manipulate the recipient. These are notoriously difficult to detect without an API-based inbox defense.


7.Domain Impersonation

This involves attackers using specific techniques such as typo-squatting or replacing letters in an otherwise legitimate email domain. Thus, this threat can be easy to miss. Luckily, email gateways often build lists of legitimate domains of businesses. Also, API-based inbox defense associates specific individuals with particular domains. Thus, it can detect and block unusual requests.


8.Brand Impersonation

This tricks victims into disclosing personal information by impersonating a well-known brand. DMARC authentication can help prevent this by reporting how an email domain is used.


9. Blackmail

In blackmail, hackers leverage obtained information to pressure a victim into giving them money. Email gateways that recognize communication patterns can identify this type of threat.


10.Business Email Compromise

BEC is another specific form of attack. It involves cybercriminals impersonating business employees. Often, they target employees with access to company finance or sensitive information. Then, they pressure them to disclose information. API-based inbox defense and email gateways can help prevent this.


11.Conversation Hijacking

Conversation hijacking involves cybercriminals inserting themselves into an existing conversation attempting to obtain sensitive information. This requires understanding the business operations and can be reduced with API integration.


12.Lateral Phishing

This involves hackers taking over recently hijacked company accounts to send phishing emails to many employees. Being from a recognized source, they are often successful. But API integration can help defend against this.


13.Account Takeover

This is a complex form of identity theft and fraud. Cybercriminals use phishing to gain account credentials. Afterward, they might monitor business activities to launch other attacks. You can sometimes prevent this with an inbox defence that detects unusual activity.


The Bottom Line

With vigilance and awareness, a business can train employees to detect suspicious emails. When coupled with email defenses, this can reduce the vulnerability of a business to these threats. To learn more on how to protect your business from email threats, reach out to one of our MicroAge locations.

Find a MicroAge near you

With a growing Network of independently owned locations (currently at 41) from coast-to-coast, MicroAge is Canada’s leading IT solutions and service provider focused mainly on small and midmarket businesses.

Most commented posts


3 Critical Cyber Threats For Businesses in 2019

Malware, vulnerabilities, and social engineering are some of the main concerns for IT security professionals. Although the tactics used to target businesses and individuals are…

Read More
Infrastructure informatique, IT infrastructure

5 Benefits of an Optimized IT Infrastructure

Is your current IT infrastructure helping your business thrive in its industry or creating obstacles for growth? If you’re still not using cloud technologies to…

Read More
Cloud Infrastructure hébergée

3 Advantages of Using Cloud Infrastructure

Everyone knows that cloud computing is a hot trend, and its adoption should only increase over the next few years. According to one study published…

Read More
cloud data back up

5 Reasons Your Company Should Use the Cloud for Data Backups

From emails with malicious files to zero-day vulnerabilities, the risks to business data are everywhere. An excellent strategy to prevent information loss and protect your…

Read More
securite Windows 7 security

How to Extend Your Security for Windows 7

January 14th, 2020 is the date when Microsoft has announced it will end ongoing support for Windows 7. This may not seem like an important…

Read More