Email Security Trends for 2021
For as long as email remains one of the most popular modes of communication, cybercriminals will keep on targeting its users. And as people (and cybersecurity programs) wise up to bad actors’ schemes, those actors will develop new ways to bypass security measures and catch their victims off guard.
Below are some of the emerging email security trends for this year.
Email Hijackers Spreading Infections via Email Threads
Phishers steal email credentials by fooling users into visiting fake login pages or downloading attachments laced with keyloggers. Once the phisher gains access to an account, they’ll monitor it silently, waiting for the right time to pose as the user and email a bank or a corporate account manager, asking them to transfer funds to the phisher’s bank account.
A new method that phishers are using is a twisted form of threadjacking. Normally, a threadjacker is just a benign (but rude) email thread participant who changes the thread’s topic, often to the disgruntlement of the other participants. But now, malicious email threadjackers use tools like Outlook Scraper to look for threads they can insert themselves into, so that they can spread phishing messages or attachments that contain malicious code.
Since the threadjacker is posing as a trusted colleague, those on the email thread are more easily fooled into following phishing instructions or downloading dangerous attachments.
Massive Spam Waves from Compromised Accounts
Spam from unknown email accounts is believed to be blocked easily. In fact, Google claims to protect Gmail users from over 240 million COVID-related spam emails every day.
However, if a spam email comes from someone a user knows, that email has a higher chance of reaching that user’s inbox because spam filters will consider the message as valid. This is why threat actors are hijacking people’s accounts to send spam emails.
Business Email Compromise (BEC) Coming in All Languages
In a BEC attack, fraudsters pose as legitimate parties to trick their victims (usually businesses, government agencies, and nonprofit organizations) into paying fake invoices or taking some other action that’s detrimental to the victims.
Artificial intelligence-powered content analysis has now become powerful enough to detect BEC tactics in emails that are written in English and other Germanic languages. However, it still has a long way to go before it becomes effective for emails written in other languages. Until this happens, cybercriminals are certain to take advantage of the vulnerabilities.
Excel Macros in COVID-19-Themed Attachments
For quite some time now, hackers have been sending emails with attachments that come with certain Excel 4.0 macros. These macros launch a remote access tool called NetSupport Manager, a legitimate tool that is exploited by cybercriminals to take over victims’ devices.
Lately, hackers have been using COVID-19-themed attachments, such as those that purportedly contain graphs of coronavirus infections in the United States. When the victim downloads the Excel attachment and allows the macro to run, that macro also downloads and executes NetSupport Manager.
Phishing Emails in the Form of Remotely Hosted Images
Since email security programs can analyze the text of emails to determine whether they are phishing attempts or not, cybercriminals have been resorting to using messages contained in images instead. However, more and more cybersecurity programs can recognize the text contained in images, so bad actors are making it harder for the programs to fetch the images by having these images remotely hosted.
That is, instead of embedding the image in the email itself, they host the image externally. Technically, this means that the cybersecurity program has to fetch the image from the remote host first, instead of just being able to scan the image outright in the body of the email. Hackers can make the security scanners go through many website redirections before they can reach the host website. Sometimes, scans will show that that website is safe — when, in fact, it has already been compromised by the hacker.
Alternatively, bad actors can try to ensure that only the victim gets to fetch the images, not the security scanners. To illustrate, if a phishing campaign only targets your customers in New York, the email senders may implement a cloaking technique wherein only connections originating from New York may fetch the images. Scanners outside New York will therefore be barred from analyzing the safety of such images.
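As an added illustration (not part of the original article), here is one way a mail filter could flag the pattern described above: an HTML body whose readable content is essentially a remotely hosted image rather than text or an embedded image. The sample messages are constructed, and the `min_text_chars` threshold and the `scan_message` name are assumptions made for this example.

```python
import email
from email import policy
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Collect <img> sources and visible text from an HTML body."""
    def __init__(self):
        super().__init__()
        self.remote, self.embedded, self.text, self._skip = [], [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "img":
            src = (dict(attrs).get("src") or "").strip()
            if src.lower().startswith(("http://", "https://", "//")):
                self.remote.append(src)      # scanner must fetch this over the network
            elif src.lower().startswith(("cid:", "data:")):
                self.embedded.append(src)    # bytes travel inside the message

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def scan_message(raw: bytes, min_text_chars: int = 40) -> dict:
    """Flag HTML mail whose readable content is mostly a remotely hosted image."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    if part is not None:
        scan.feed(part.get_content())
        scan.close()
    visible = " ".join("".join(scan.text).split())
    return {"remote_images": scan.remote, "embedded_images": scan.embedded,
            "visible_chars": len(visible),
            # min_text_chars is an assumed threshold, tune it on your own mail
            "image_only_remote": bool(scan.remote) and len(visible) < min_text_chars}

# Constructed sample messages (not real traffic)
HEAD = (b"From: billing@example.com\nTo: user@example.org\nSubject: Invoice\n"
        b"MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n")
REMOTE_ONLY = HEAD + (b'<html><body><a href="https://example.net/pay">'
                      b'<img src="https://img.example.net/notice.png"></a></body></html>\n')
EMBEDDED = HEAD + (b"<html><body><p>Hi team, the quarterly chart we discussed is "
                   b'below.</p><img src="cid:chart1"></body></html>\n')
```

Legitimate newsletters are often image-heavy too, so the `image_only_remote` flag works best as one signal among several, for example combined with sender reputation and the redirect behaviour of the image URL.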