Data shows that for every 100 people, 88 unique email addresses are breached. Those are not great odds. So much personal data flows through our email servers, and attackers know it. Breaking into an email account is tantamount to hitting a cybercriminal's jackpot: the inbox is an exposed hub of financial emails, healthcare messages, school and work communications, and things we irresponsibly send to our friends or ourselves (i.e., Personally Identifiable Information, or PII, from ID badge photos to social security numbers).
If they land in an inbox, threat actors have a multitude of options at their fingertips for where to pilfer next. Land in a professional's work inbox and bad actors could potentially have the tools to take down the company – or at least start heading in that direction.
The good news is that businesses don't have to be sitting ducks. By understanding email data leaks, their value to attackers, and their root causes, organizations can stay savvy and set up the right tools to thwart many email-targeting attempts.
Email Leaks in Business
Here are some valuables we may not realize are even hiding in our work inboxes:
- HR information (good for impersonations);
- Our writing style (good for newly released AI-based impersonations);
- Direct contact with key players in our organization;
- An element of trust (if attackers hack our account and send emails as us);
- Proprietary work information (i.e., from all-hands meetings, sensitive documents only sent within the network, internal memos, etc.);
- Employees’ payroll information;
- And a host of sensitive documents if we use an email service with a cloud storage element (nearly all of them now, from Gmail and Google Workspace to Outlook and Microsoft 365).
These days, email accounts are much more than mere vehicles for sending and receiving messages; they are part of a broader network of convenient, connected tools. Unfortunately, these tools hold scores of additional information, making a hacked business email account even more of a prize.
Common Causes of Email Leaks
There are many ways a cybercriminal can crack open our inboxes, including:
- Stolen credentials: This tried-and-true method affords attackers free rein, and stolen credentials are easily obtained as commodities that can be bought online via the dark web. As people reuse passwords 64% of the time, there's a good chance that even if the password was for another account (say a streaming service), the victim may use it to unlock their email as well.
- Credential attacks: Brute-forced or otherwise cracked credentials that the attackers themselves have worked to obtain. Rather than sorting through random lists and checking them against your email, the attacker focuses on your inbox directly. In these cases, the threat actor is not looking for a windfall; they are looking specifically to plumb your email and everything contained in that account.
- Malware: Opening malware contained in attachments is an effective way attackers gain a foothold into our email servers and networks at large. Email sandboxing can help prevent this, as can DMARC authentication solutions.
- Phishing and malicious links: Clicking on a malicious link in a phishing email (made all the more undetectable by the use of AI).
- Social engineering: A phishing email saying you need to "update your Outlook password" should always be suspect, as should "direct" links to log into your email from an unsolicited text, chat, or LinkedIn message. These are lures that will often redirect directly to an attacker's password-stealing site.
- Insider attacks: Remember, internal IT and security personnel often have access to employee credentials. This is why using the principle of "least privilege for all roles" is so vital, as is revoking any lingering access after the employee leaves the organization.
Using Gateways & Other Email Security Tools
What is a secure email gateway? It is a software solution that sits in the path of your inbound and outbound email, checking for viruses, malware, and other email contraband before it enters your network via your inbox.
In addition to that, there are other tools designed specifically to prevent email leaks. Other Email Security solutions from Fortra include:
- Cloud Email Protection
- Suspicious Email Analysis
- Threat Intelligence Services
- Security Awareness Training
DMARC–No Look-alikes to Keep You Up Nights
In addition, Agari DMARC Protection is a robust DMARC authentication and monitoring tool. What is DMARC in the first place? It stands for Domain-based Message Authentication, Reporting, and Conformance, and in a nutshell, DMARC provides the email sender with a way to show their recipients that the emails they receive from said email sender are legitimate. This helps prevent email spoofing, in which an attacker sends a fraudulent email that appears to come from a legitimate domain. In effect, the sender notifies the receiver that their messages are protected via DMARC authentication methods and provides instructions on what to do if a message from "them" fails to pass these qualifiers.
DMARC email authentication protects brands and provides organizations with the following benefits:
- The ability to reject bad messages more quickly via automation.
- Reduced risk through understanding when your company is being targeted for an email spoofing campaign.
- Fewer cases of email abuse as would-be spoofers leveraging look-alike domains are detected via DMARC.
- Greater awareness of phishing campaigns and takedowns via DMARC’s threat intelligence assets and reporting.
- Continuous monitoring so you can respond to any infractions in real time, if necessary.
And then there are all those intangibles that a protected email domain affords:
- Boosted client and customer confidence in your brand as they come to know emails from you can always be trusted.
- Greater marketing efficacy built on that increased customer trust, since recipients trust your emails and can click on what they find in them with confidence.
As long as email remains the top communication tool for business, there are always going to be attempts to compromise it and use it for nefarious purposes. Using email security tools like DMARC, however, can place you two steps ahead of attackers and cut a lot of those schemes off before they get a chance to wreak havoc on your customers and your brand's reputation.