The combination of malware and email is a dangerous one. These terms are closely related to each other since email is the main malware vector. Speaking of which, according to a Verizon's report, about 94% of malware is delivered through email. That is, malware and email create an explosive duo. But before we talk more about this, let's just remember a basic concept: what is malware.
Malware is a generic term used to denote any type of malicious software or digital threat that could harm your computer or business, including system changes and crashes, and information theft. Among the most well-known types of malware are viruses, worm, trojan, spyware, and ransomware.
Check out the tricks used to deliver malware
Every day thousands of digital threats are created. By the way, this is one reason why malware and email scams have become increasingly sophisticated and advanced, especially some types of malware such as ransomware. In practice, it means that cybercriminals use different frauds, techniques, and methods to deceive their victims.
We‘ve created this list to talk about it, to explain and show the ways, tactics or tricks used in email fraud to deliver malware.
1. Phishing emails
Undoubtedly, phishing is the main scam used by crooks to infect your machine or company with malware. Phishing is a type of cyber fraud in which a cybercriminal tries to impersonate a person or company to gain your trust and then trick you into action, such as downloading malware.
According to Europol, for example, targeted phishing emails, also known as spear phishing emails, are one of the main ransomware vectors. By the way, in the agency's view, ransomware is the main threat in the cyber world nowadays.
2. Malicious attachments
One of the most popular ways of malware delivery is through the use of malicious attachments, often used in phishing emails. That is, a cybercriminal sends you an email with an attached document that may at first look like anything but a malware. Files such as a resume, a new project, a new employee list, or a gift card. By downloading and running these files the malware infection happens.
There’s interesting data about weaponized attachments. It says that 48% of malicious files that travel through email are Office files, according to Europol. Other common but dangerous file types are pdf and zip files. That is, you need to be aware of Word, Excel and Adobe files.
3. Malicious links
Malicious links are also common ways of malware delivery. Many malicious emails contain URLs that may redirect you to a malware download or to a website that looks legitimate but is actually fraudulent. Such websites are usually designed to collect confidential information or even infect your system with some form of malware. Malicious URLs are therefore widely used in phishing and spam campaigns.
In the case of malicious links, one technique exploited by crooks is the use of URL shorteners. That is, criminals use legitimate tools to hide ulterior motives. By the way, this subject leads us to the next topic.
4. Domain spoofing
Domain spoofing is another tactic used by cybercriminals. Spoofing is directly linked to the use of emails to deliver malware. There are two main categories of domain spoofing: email spoofing and website spoofing. In both cases criminals make small changes to domains or addresses to confuse the victim. As you can imagine, spoofing is one of the main tools used in email attacks, whether phishing scams, spear phishing or spam.
5. Social engineering
Social engineering is yet another technique widely used in malicious emails intended to deliver malware. It consists of persuading and manipulating people after extensive research on them. Let's take the case of the security company RSA, in 2011, as an example. An employee group received a convincing malicious email saying something about an alleged recruitment plan. The email turned out to be the gateway to a malware that compromised the company.
Useful protection tips
To guard against the dangerous combination of email and malware there are a few options. For businesses, the best is to adopt an email security solution and invest in security awareness. Train the whole team so that they can identify different scams and frauds.
In addition, other helpful tips are: whenever you receive an email, check the “to” and “from” fields carefully. But not only that, as they can be faked. Also pay attention to the subject matter, the way the message was written, the email signature, and beware of attachments, links and downloads. Keeping your machine's operating system up to date is also critical to enhancing your security.