Skip to content

Email-based attacks remain the most popular tool cybercriminals use to infiltrate victims’ networks. According to Verizon, more than one-third of all data breaches involve an email phishing attack. Separate studies have shown that more than 83% of organizations face email threats consistently. 

Phishing is one type of email threat, but it’s often the first step cybercriminals take toward broadly compromising victim’s networks. There are many different types of email attacks, and they have grown increasingly complex over time. 

This puts pressure on security leaders who need to respond to a rapidly changing technological environment that still relies on 50-year-old communication technology. Email has undergone significant changes in its history, but its fundamental infrastructure was not designed with security in mind. Every organization shares responsibility for securing against email threats and safeguarding their users’ inboxes. 

To do that, security leaders need to know what types of email threats exist and how cybercriminals are using them to compromise their targets’ networks. We’ve compiled a comprehensive list of email threats, ranked by their level of complexity. 

Did You Know?


SpamTitan's spam catch rate

11 Seconds

a ransomware attack occurs


the average cost to manage spam per person without an email filter


of all email is spam

Top 15 Email Threats Security Leaders Need to Know About 

1. Spam 

Unsolicited junk mail is sent to millions of recipients at a time – everyone with an inbox already knows about spam. Blocking the least complex email threat on this list is relatively simple. Most email providers offer built-in spam protection, although very few email providers consistently catch 100% of spam messages. 

Spam emails typically advertise mass-market products and services, but they can also contain more complex threats as well. The main thing that characterizes these threats is that they are not customized to the recipient in any meaningful way.  

Nevertheless, spam costs businesses $20 billion a year in lost productivity and server overload. Every employee hour spent manually reading and deleting spam emails is an hour not spent working. 

2. Malware Attachments 

Malware attachments are among the least complex email threats because they rely on a simple attack strategy. Cybercriminals embed malware into a document – often a Microsoft Office 365 document – give the file a harmless-sounding name and send it to recipients. With some additional effort, the email can be made to look like a genuine report coming from a trusted authority figure. 

There are many types of malware, but ransomware is responsible for the most considerable losses of the pandemic era. These attacks can have catastrophic effects on organizations that are unprepared for them. 

There are many ways to protect email users from malicious attachments. Signature matching prevents many known threats, and sandbox solutions can also detect sophisticated zero-day email threats.  

3. Data Exfiltration 

Cybercriminals can use email to transfer data from your network in a variety of ways. These email attacks are often targeted, and attackers may know exactly what kind of data they want to steal. This email threat also includes data leaks that occur accidentally due to human error.  

Data breaches cost US companies $8 million, on average. These security incidents often come with a long-lasting impact on the organization’s reputation. In regulated industries like healthcare, sending data over unsecured channels like email can also come with hefty fines. 

To prevent data leaks from occurring, organizations must deploy secure email gateways that filter inbound and outbound messages. Anti-data exfiltration policies may require email users to provide supervisor verification before sending out messages that contain sensitive data and automatically encrypt those messages before they are sent.

4. Email Scams 

Email scams use fraud and social engineering to steal information from victims. These scams are slightly more complex because they abuse the trust people have to place in others when communicating online. 

Job posting scams are a particularly concerning example. Scammers can advertise open job positions the same way legitimate companies do. They may even conduct interviews and sign employment contracts. Ultimately, the scammer steals information (and often money) from their victims before disappearing. 

Advanced email security solutions can scan email content and identify potential scams. Gateway solutions may be configured to trigger alerts when scammers use key phrases. Reputation filters and block lists can improve your defenses against email scams but will often produce false positives as well. 

5. Malicious URLs 

Malicious URLs use a wide variety of tactics to trick users into entering sensitive data onto spoof websites and fake login pages. In most cases, attackers are looking for authentication data they can then use to infiltrate the network. 

Even if cybercriminals don’t gain access to the account they’re trying to hijack, these attacks can still support more complex attacks down the line. Cybercriminals know that people frequently reuse their passwords, so they’ll try using stolen login credentials wherever possible. 

Gateways offer decent protection against high-volume URL phishing attacks. Point-of-click protection and URL rewriting can prevent users from accessing high-risk websites. When combined with a comprehensive solution for managing email threats, these features dramatically reduce the risk of falling victim to malicious URLs. 

6. Spear Phishing 

Spear phishing is a more complex, highly personalized form of email phishing. Instead of sending a huge volume of boilerplate phishing messages to recipients, cybercriminals carefully research their targets and use that information to craft a compelling message. 

Many spear phishing attacks use social engineering tactics to increase their likelihood of success. Cybercriminals may impersonate trusted friends and colleagues, explicitly demand secrecy and urgency, and apply pressure to convince victims to comply. 

Spear phishing has a much higher rate of success than regular email phishing. When organizations fall victim to these attacks, they become exposed to additional threats, including malware attacks, credential-based attacks, and account takeovers. 

7. Domain Impersonation 

Hackers can use impersonated domains to trick victims into inputting sensitive data onto spoofed websites. These are more complex than the average spoofed website because their web address may look identical (or very nearly identical) to the address of the website being spoofed. 

For example, a hacker may spoof the TitanHQ website by registering “Tı” and copying the original website’s content. It would take a remarkably sharp-eyed user to notice the use of a Turkish “dotless i” in the spoofed URL. 

Microsoft Office 365 apps are highly vulnerable to attacks like this one. Preventing this kind of attack requires advanced email security features like URL rewriting and point-of-click protection. Microsoft does not offer these features as built-in security protections for email users.

One typical way data is exposed via email is by accidentally sending an email to the wrong recipient. This was found to be a prevalent security problem in healthcare and financial services.

8. Brand Impersonation 

Brand impersonation happens when hackers impersonate a known company or brand and abuse its reputation to trick victims into disclosing sensitive data. There are two main types of brand impersonation: 

  • Service impersonation revolves around compromising a brand’s business application or service. When this is done over email, it’s called vendor email compromise. The goal is often stealing personally identifiable information for use in a more elaborate attack. 
  • Brand hijacking happens when a hacker manipulates a brand’s website or domain to send fraudulent messages to customers and partners. This includes everything from sending fake security alerts to forging counterfeit invoices and sending them to vendors. 

Brand impersonation is involved in nearly half of all spear-phishing attacks. Almost all popular tech companies are impersonated, but Microsoft is by far the most common. This is because Microsoft Office 365 credentials are high-value items on the cybercrime market, and impersonating Microsoft personnel is an easy way to access them.

9. Extortion 

Extortion scams center around blackmailing victims with compromising content of some kind. A common tactic involves telling victims that they were caught browsing pornographic or illegal websites and that proof of their activity will be shared with their contacts unless the victim pays. Other versions focus on white-collar crimes and other forms of fraud. 

It’s important to note that, in many cases, there is no compromising material at all. Many hackers simply bluff about the existence of these materials, hoping that victims will feel enough guilt to pay without asking questions. 

Sophisticated email filters can prevent these threats from landing in users’ inboxes, quarantining them so that security personnel can review them. Filters can quarantine threatening emails based on keywords and other signals that suggest extortion is taking place.

10. Configuration Errors 

Email security solutions like SPF, DKIM, and DMARC can prevent a wide range of email threats. However, these solutions must be properly configured to work, which is not always the case at every organization. 

Improper configurations can create visibility problems, preventing security personnel from detecting security threats or accurately assessing risk. They can also impact incident response workflows by limiting the amount of information available to analysts and investigators. 

Some configuration errors are easy to spot. Non-delivery reports are a clear indicator that something is wrong. However, misconfigured SPF flattening solutions and ambiguous DMARC policies can easily go under the radar for months at a time.

11. Business Email Compromise 

Business Email Compromise happens when hackers gain access to a genuine business email address and use it to defraud the organization. Unlike spoofed websites and email addresses, this threat is technically internal – the attacker uses an email address that belongs to a legitimate user. 

These attacks carry an elevated social engineering risk. Hackers with access to an internal email account don’t need to send malicious attachments or links. They can simply send a stern email to an accounting intern demanding that the “late payment” gets processed immediately. 

These attacks represent a small number of overall spear phishing attacks, but make up an enormous number of losses – approximately $1.7 billion. Protecting against these attacks requires analyzing the behaviors of authenticated users and then comparing their activities against an established baseline over time.

12. Conversation Hijacking 

Similar to business email compromise, conversation hijacking occurs when cybercriminals gain access to privileged accounts and use them to continue existing conversations with employees, users, or partners. With this kind of attack, hackers often spend time researching the relationship between their victims and dedicate resources to playing the role convincingly. 

Unlike business email compromise, there is no need to use a genuine account for this purpose. A sufficiently well-informed hacker can achieve the same result using a lookalike domain or even a totally independent messaging application. 

Detailed cybersecurity policies are the best way to protect against conversation hijacking. Employees and partners should know exactly what platforms are safe, which ones are not, and what expectations they should have from everyone they talk to, whether it’s by email or any other platform. 

13. Lateral Phishing 

Lateral phishing happens when attackers hijack privileged accounts and use those accounts to send malicious phishing emails to trusted recipients and close contacts. This allows hackers to transform a minor account compromise into a significant data breach and expand their reach across multiple organizations. 

These attacks target a wide range of victims across almost every industry. They are closely linked to supply chain attacks, which often include a lateral phishing component.  

To protect against lateral phishing attacks, organizations need a combination of comprehensive email security policies and technology capable of reinforcing those policies. Email gateways may not have visibility into internal communications, but advanced email security solutions often do analyze internal communications for signs of malicious intent. 

14. Account Takeover 

Account takeover is technically a form of identity theft. In this case, an attacker successfully gains access to a victim’s account credentials and uses it to conduct unauthorized activities. Once the account is compromised, there is virtually no limit to what attackers can do under the guise of the user they are impersonating. 

Microsoft Office 365 accounts are particularly high-value targets for this kind of attack. Once a hacker successfully infiltrates a Microsoft 365 account, they can easily research contacts, steal sensitive data, and launch lateral phishing attacks across every network connected to the account. 

Protecting against account takeovers requires sophisticated behavioral modeling tools. Email security solutions must observe how genuine users typically act when carrying out their day-to-day tasks, and then flag users who deviate meaningfully from this standard.

15. Malicious Insiders 

Malicious insiders are the most complex email threat in the current security landscape. In this case, the attacker is not a professional cybercriminal and may not even have any technical hacking skills at all. Malicious insiders are typically one of two things: 

  • Disgruntled employees who are taking revenge for a perceived offense. These employees may be exacting revenge for something they feel the organization has done to them or opportunistically stealing data or money for their own purposes. 
  • Corporate spies who have been intentionally deceiving their employers to gain access to sensitive data. These campaigns may take years to pull off, and are incredibly difficult to detect. 

In both cases, the potential damage that malicious insiders can do is practically unlimited. Insiders already know where the most valuable assets and data are and how to access them. 

Catching malicious insiders is difficult, but it can be done. Anti-data exfiltration solutions may help flag users interacting with data in ways they should not. Sophisticated behavioral modeling tools can detect when genuine users deviate from their established routines, suggesting a potential insider threat.

Protect Against Email Threats with SpamTitan 

SpamTitan’s advanced email security and filtering solution includes AI-powered behavioral modeling that protects organizations from the most complex email threats. Safeguard your organization from the most advanced email-based attacks while improving operational security for yourself, your partners, and your customers. 

Susan Morrow

Susan Morrow


Talk to our Team today

Talk to our Team today