Know what you’re dealing with when it comes to email attacks

Every single person, in every single company is at risk from cybercrime. In this case we are talking about email attacks.

Here are the in’s and out’s of three major methods of attack that are becoming more and more common. It is important you are aware of these and what to look for in suspicious emails. These are real and they could happen to you and your colleagues. So read carefully and remain vigilant!



Phishing is a type of fraud where the cyber attacker attempts to obtain information such as login credentials or accound information, by disgusing themselves as a reputable person from a reputable organisation in email, IM or other comms channels.


A random, mass mailing to thousands of possible customers of the organisation that’s identity is being used. This email will prompt the reciever to enter user credentials into a malicious, faked website.

Here’s an example;


ATTACK METHOD: Spear-phishing


Spear-phishing is an email fraud attempt which targets a specific organisation seeking access to unauthorised access to confidential data.


A cyberattacker does extensive research on a particular company and target. As in the example below, John is the victim. The attacker is aware that John is planning to attend an accounting conference. John has exchanged a few emails unknowingly with the attacker, who is posing as a conference organiser. After building up some trust with John the attacker strikes by sending a fake registration list to John. The attachment is loaded with malware however it’s highly likely John will trust him and open it! 




Whaling is a sophisticated scam that targets organisations that regularly make transfer payments, usually those that hold important and confidential information on customers and employees.


The cyberattacker very often targets a member of staff in accounts, impersonating the chief of finance or the managing director. The email will contain straightforward instructions, instilling a sense of urgency to add pressure, meaning the victim is very likely to take immediate action, thinking it is an urgent request from their boss. 


Using the button below you can download a great e-boook from Mimecast which you can download and share with your employees and colleagues. 

In this E-book, you’ll learn:

  • Five security tips your employees should live by.
  • Today’s most effective attack methods – and why they work. 
  • Why every employee – not just IT – must be accountable for security.