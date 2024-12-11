The five email attacks to watch for in 2025

No Comments

Despite the rise of other means of communication email remains the most commonly used. This makes it attractive to cybercriminals as it offers an entry point to businesses and the gateway that employees rely on to do their jobs.

A new report from Abnormal Security highlights the attacks that we’re likely to see in the next year and shows the need for improved defenses, including the use of AI.

Cryptocurrency fraud tops the list, offering attractive potential to the victim and an easy route to revenue for the attacker. File sharing phishing comes next, using services like Dropbox, ShareFile, and Docusign which offer either free registration or no-charge trials. This allows senders to craft messages that avoid conventional filters because the malicious content isn't directly within the email.

Multichannel campaigns initiates contact through email but then steers the conversation to other channels, such as text messages, phone calls, or third-party messaging apps like WhatsApp or Telegram. This drives a sense of urgency and increases the chance of being able to deceive the target.

Business email compromise (BEC) is an old foe but the rise of AI has made it easier than ever to generate personalized messages that convincingly mimic the writing style of the impersonated individual.

Rounding out the five is account takeover (ATO), possibly the most dangerous email threat that organizations face, as it provides threat actors with unparalleled access to the company’s network and internal systems. It can be initiated using various methods, including phishing, social engineering, password stuffing, or session hijacking via authentication token theft or forgery.

The report warns, "The potency of these attacks lies in their ability to exploit trust. Whether impersonating known contacts, abusing compromised accounts, or weaponizing trusted platforms, attackers manipulate trust to breach defenses at every stage of an attack. The result is a threat landscape in which legacy security solutions, such as secure email gateways, are increasingly ineffective at detecting complex campaigns."

Guarding against these attacks requires a multi-pronged approach including security awareness training, but also incorporating AI to analyze identity, context, and content and build behavioral baselines to understand the organization's unique patterns of communication.

You can read more in the full report which is available from the Abnormal Security site.

Image credit: denismagilov/depositphotos.com

No Comments
Got News? Contact Us

Recent Headlines

The five email attacks to watch for in 2025

How businesses can protect against online scams over the holiday season

How business function mapping can help align IT and cybersecurity with business priorities [Q&A]

Why agentic AI could make API threats a $100 billion-problem

Mozilla removes Do Not Track setting from Firefox and suggests an alternative

Linux Mint dethrones MX Linux as the most popular distro on DistroWatch

Apple Music strengthens its edge over Spotify with three new live radio stations

Most Commented Stories

The stunning Oreon 10 arrives to replace Microsoft Windows -- download it now!

83 Comments

Windows 12 is everything Windows 11 should be -- and the Microsoft OS we deserve!

58 Comments

Forget bloated Windows 11, Windows 12 Lite is the Microsoft operating system we need!

29 Comments

Microsoft refuses to ease Windows 11’s strict hardware requirements, despite the ditching of Windows 10

26 Comments

Today is the day! Say goodbye to Microsoft Windows 11 -- Nitrux Linux 3.8.0 is the OS you've been waiting for

22 Comments

Bluesky thinking -- why left-wingers are leaving X and why X will get over it

21 Comments

Waiting for Microsoft Windows 12 is a mistake when you can upgrade to Linux today

20 Comments

The Guardian’s exit from Elon Musk’s X shows a lack of journalistic courage

13 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.