Cyber Defense Magazine – July 2019

(Sean Pound) #1

In other cases, people get phishing emails that say they're locked out of their accounts unless they
provide information within a certain amount of time. One thing you can do after receiving suspicious
emails is to contact the company directly through a method other than email to verify the authenticity.



  1. Ransomware


Ransomware is a kind of malware that allows the hacker to gain access to your email and shut you out
of it unless you pay a specific amount. It's common for ransomware to be installed on your machine after
downloading an emailed attachment, although it can also happen after visits to malicious sites.


The Malwarebytes Labs 2019 State of Malware Report mentions that there were 5,948,417 ransomware
attacks in 2018, which is a 26% decline from 2017 numbers. The researchers clarify that, despite the
drop, ransomware remains a significant concern. The situation is even worse for companies that don't
have their data backed up. Unfortunately, paying the ransom doesn't guarantee restored information.



  1. Bitcoin Investment Email Scams


Some cybercriminals operating via email also set their sights on bitcoin enthusiasts. In March 2019,
cybersecurity researchers in the United Kingdom uncovered a bitcoin email investment scam that stole
victims' passwords and other credentials once they downloaded a malicious attachment. The researchers who
uncovered the scam believed the malware potentially had a keylogging component that made it
easier for hackers to get valuable data.



  1. Tax-Related Spear Phishing


Spear phishing is similar to a BEC, but it's sometimes associated with multiple people from one
department at an organization instead of just one high-level individual. The Internal Revenue Service
(IRS) published content advising tax preparation professionals and others to watch out for spear phishing
and be wary of any emails from senders posing as IRS representatives.


A common feature of these IRS spear phishing emails is that they ask accounting professionals to provide
tax or banking details. However, one thing to remember about IRS correspondence is that the
organization does not engage with individuals via email or social media to request personal information.


Staying Diligent When Using Email


There's no foolproof way to avoid all email vulnerabilities. However, if you avoid downloading unusual
attachments and don't respond to emails that ask for sensitive details without investigating them further,
those precautions go a long way.
