Types of Email Attacks
There are multiple types of email attacks, and we habitually call all of them phishing emails without realising it. Understanding the different types matters because it helps raise security awareness. This article covers some well-known types of unwanted email that land in our inboxes.
Spam Email
Spam emails are generally non-malicious, but they are often sent to check whether an email inbox is active. They are sent to a wide audience and are not generally targeted. These emails may also contain affiliate links or links that generate ad revenue.
Phishing Email
Phishing emails tend to create urgency in the content of the email so that the user acts on emotion and clicks the URL in the mail. They can use various social engineering methods to trick the victim into clicking the URL.
Example: An email from a spoofed website saying that your password is expiring and asking you to click on the URL to reset it.
DocuPhish
These are emails that contain a document with a phishing link in it. These documents mostly ask you to enable editing so that you can click on the link inside the document. The link then takes you to a phishing website.
Example: You receive an email about a debit charge on your credit card for online shopping that you don’t recognise, with a document attached; the email says that if you want to cancel the order, you should open the document and click on cancel inside it.
BEC (Business Email Compromise)
This is a type of email attack that does not contain a link in the email body; instead, the email is sent to establish an email conversation with the victim. The sender of such an email is spoofed, and the name used is usually that of someone known or senior to the victim. A sense of urgency is also created so that the victim responds instantly. These attacks are more common in organisations.
Example: A manager in an MNC receives an email from the CFO asking to be contacted over email urgently, which further leads to purchasing gift cards or paying a fake invoice.
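The BEC traits described above (a senior colleague's name on a spoofed sender, urgency, and no link in the body) can be checked mechanically when triaging reported mail. The following Python check is an added example, not part of the original article; the domain example.com, the staff names, the keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for this example: the organisation's domain and senior staff names.
ORG_DOMAIN = "example.com"
SENIOR_NAMES = {"priya nair", "daniel okafor"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|right away)\b", re.I)
URL = re.compile(r"https?://|www\.", re.I)

def bec_signals(raw):
    """Return the BEC traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    signals = []
    # Display name of a senior colleague, but the address is outside the organisation.
    if name.strip().lower() in SENIOR_NAMES and domain != ORG_DOMAIN:
        signals.append("senior name on external address")
    # Replies would be routed to a different domain than the visible sender.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.rpartition("@")[2].lower() != domain:
        signals.append("reply-to on a different domain")
    if URGENCY.search(f"{msg['Subject']} {body}"):
        signals.append("urgency wording")
    # BEC mail aims to start a conversation, so it carries no link or file.
    if not URL.search(body) and not list(msg.iter_attachments()):
        signals.append("no link or attachment")
    return signals

def looks_like_bec(raw):
    found = bec_signals(raw)
    return "senior name on external address" in found and "urgency wording" in found

# Constructed sample messages (not real mail).
SAMPLE_BEC = """From: Priya Nair <priya.nair.cfo@example.net>
To: manager@example.com
Subject: Are you at your desk?

I need a task handled urgently. Reply to this email, I cannot take calls.
"""
SAMPLE_INTERNAL = """From: Priya Nair <priya.nair@example.com>
To: manager@example.com
Subject: Q3 numbers

Slides are on the shared drive, no rush.
"""
```

A message that trips these signals is a candidate for manual review, not a verdict; a real deployment would also consult SPF, DKIM and DMARC results, which this example does not parse.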
Malware
These are email attacks that contain a file (like a document file with macros enabled) that, once opened, can install any type of malware onto your machine, which can then download further malicious applications and could slow down your machine considerably.
Example: An attacker may send you a password-protected zip file that contains a crypto miner and claim that running it will earn you cryptocurrency, but it is actually malware sitting behind the crypto miner.
Customer Care/Fake Invoice Scam
In these email attacks the victim receives an invoice for an unrecognised purchase, and the invoice lists a customer care number in case the customer (victim) wants to cancel the order. When the victim calls that number, he or she is tricked into going to a malicious website or giving their credit card details.
Example: An email congratulating you on your new purchase of an iPhone 16 and giving the dispatch date of the order, along with a customer care number to call to cancel the order.
FAQs
How do fake invoice scams work?
These scams involve fake invoices with a customer care number. When victims call, they’re tricked into providing sensitive information or visiting malicious websites.
What is the difference between spam and phishing emails?
Spam emails are generally non-targeted and often harmless, while phishing emails are crafted to deceive recipients into revealing sensitive information or clicking malicious links.
What makes Business Email Compromise (BEC) attacks unique?
BEC attacks don’t rely on links or attachments but instead use spoofed emails to impersonate trusted individuals, like a manager or CFO, and create a sense of urgency to manipulate the victim.