Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

7 Powerful Pointers to Help Thwart Email-Based Attacks

While alternative options for functional communication channels are steadily growing for business users, email remains inextricable from your daily routine. It is easy to check. You browse it often. And even more so than your social media accounts or your favorite apps, it serves as a personal, direct line to you.

As such, the messaging vanguard still remains enormously popular with users, even millennials. Marketers love it too: Email newsletters (for example, shameless plug alert, Trustwave Digest) are back in vogue. If consumers are going to hear from brands, they want it to be done via email.

But there is one other, far more perfidious, group who also adores email: Cybercriminals.

They prey upon the curiosity, urgency and emotions you feel when you hear that enticing ding from your computer, signaling a new addition to your inbox. And they descend upon you in droves. According to the 2017 Trustwave Global Security Report, phishing and social engineering rank as the second-biggest factor contributing to compromises (only behind remote access). Other studies have found that nine out of every 10 breaches has a phishing or social engineering connection.


Our Global Security Report also discovered that in 2016, 60 percent of all inbound email was spam. Meanwhile, 35 percent of those spam messages contained malware, up three percent from the prior year.

Phishing attacks often originate from spam botnets such as Necurs and can take on many forms, from the well-document scourge of "CEO fraud" that has pillaged companies of millions of dollars to a fresh wave of malware disguised as legitimate Microsoft Office files.

Given the success rate of email-based attacks, coupled with the ease by which they can be launched, your adversaries won't be giving them up anytime soon. But there are steps you can take to lower your risk and force your foes to look elsewhere.


1) Lock down email traffic content as much as possible

Carefully consider your organization's inbound email policy. Quarantine or flag all executable files, including Java, JavaScript, .vbs and .wsf attachments, as well as all suspicious and/or unusual file attachments, such as .cpl, .chm, .hta and .lnk files. Create plans for how to handle these potentially dangerous files coming into your organization.


2) Block or flag macros in Office documents

At the least, organizations should enable macro protection in Microsoft Office while making users aware of the threats.


3) Keep client software fully patched and promptly up to date

Many email attacks succeed because of unpatched client software, such as Office and Adobe Reader.


4) Ensure your ability to check potentially malicious or phishing links in emails

Perform checks with the email gateway, the web gateway or both.


5) Deploy anti-spoofing technologies on your domains

Do this at the email gateway and deploy techniques to detect domain misspellings that may indicate phishing.


6) Educate users

Everyone, from the rank and file up to the C-suite, needs to comprehend the nature of today's email attacks. Conducting mock phishing exercises against your staff shows employees that phishing attacks are a real threat, and they need to be wary.


7) Deploy an email security gateway

The security gateway should be on premises or in the cloud with multiple layers of technology, including anti-spam, anti-malware and flexible policy-based content filtering capabilities.


Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More