Industry Insights: Cyber Security and Email Threats


The rapid rise of cyber-crime shows no sign of slowing, with cyber-attacks becoming more ambitious and threats increasing in both quantity and quality. In this edition of Industry Insights, Stack Group Chairman, Jeff Orr, explains some of the techniques being used to gain access to your computer - and the valuable information stored there. 

One of the most common tools cyber-criminals use is email, although the particular technique they employ will vary. 

One popular method involves fraudsters creating a PDF or Microsoft Word file which they send as an email attachment – often labelled “invoice”, “receipt” or even “order”. The content of the attachment is a deliberate decoy, created to distract you from the true purpose of the document – to run malicious code, trojans or key loggers on your system. Your anti-virus software will probably not detect this, because the email does not become a threat until you open the attachment - at which point the code executes. 

Another common trick used by cyber criminals is to identify a target – this can be either an organisation or individual – before carrying out research via social media or company websites in order to identify a person whom the target will trust. By falsifying the information people see in the “From” field, it is simple for attackers to trick their targets in to thinking that they are receiving an email from a particular person, when actually it was sent by someone else. Once the recipient opens the email they have begun exposing themselves to the threat. Fraudsters may then go on to request a payment to be made, or encourage a recipient to open an attachment, all under the guise of the email having been sent from a person the contact knows and trusts. This can again result in malicious code being run on your system, or in some cases “urgent” payments being made – in to accounts specifically created by the fraudsters. 

There are a few ways of protecting yourself against these types of attacks. One of the best ways is to have your firewall or UTM set up to deny any inbound email with your own domain name as the sender. If you don’t know how to do this, call Stack and we’ll help. Also, don’t open any email attachments unless you are absolutely certain it is genuine. Finally, if you think you have a problem call your IT team, or a reputable firm like Stack.