Start the Conversation with Typetec
Submit your email and a member of our team will be in touch with you.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Email is a ubiquitous tool in the modern workplace, with up to 81% of people still using it as their primary method of communication. It’s no surprise that email is such a target for cybercriminals, with 3.4 billion phishing emails being sent every day.
The problem is getting worse. Email phishing attacks increased by 28% in 2024, and cybersecurity leaders say AI is driving the increase in their prevalence and complexity. A successful data breach can be devastating, leading to data loss, financial damage, and reputational harm - with the total cost of one averaging £3.58bn per business.
In this blog post, we’ll provide five essential tips to improve your email security that you can enact today. We'll explore actionable strategies such as making the most of AI, using DMARC and DKIM, and more. By following these simple steps, you can significantly strengthen your defences against the most dangerous email phishing attacks.
Traditional email security measures, such as basic spam filters, struggle to defend against modern phishing attacks. Criminals can develop new phishing strategies faster than email providers can update their filters.
The solution here is simple: fight AI with AI.
AI-powered email security solutions use machine learning (ML) algorithms to detect and block threats that may slip past conventional filters.
How does it work? These solutions use AI to catch email threats before they hit your inbox. They first uses ML to discern the email’s source and blocks suspicious sources based on email traffic patterns and similar attacks. By analysing the context behind an email, AI can reduce false positives, ensuring you receive legitimate emails while blocking the harmful ones.
AI-powered email security solutions will then check that the sender is who they say they are, fighting directly against email spoof attacks. The email is then scanned for any malicious attachments and Safe Links checks all links for any vulnerabilities before allowing you to click.
This tip may seem obvious, but malicious email attachments still account for 36% of successful phishing attacks. Cybercriminals often disguise malicious files as seemingly harmless documents, such as invoices and reports.
The basic rule of attachments still stands: do not open attachments from senders you don’t know. However, with the rise in email spoofing, we recommend staying extra vigilant with attachments for known senders too.
Here are some key best practices to follow:
· If you receive an email with an attachment that you weren't expecting, even if it’s from a known sender, be cautious. The email could be spoofed or their email account could be compromised. Check with this person through a different means of communication, such as by phone or Teams message before opening.
· Always double-check who is sending the email. Watch out for any misspellings or unusual domain names. If the sender usually has a profile picture, do not open an attachment if a message doesn’t have it.
· Be particularly wary of executable files (.exe, .bat, .msi, .scr), as these can directly run code on your system. Archive files (.zip, .rar) can contain any type of file when you unzip it, so be equally as cautious.
IT teams should be running regular cybersecurity awareness training for all staff. We recommend running a simulated ‘attack’, where you send a dodgy-looking email with all of the hallmarks of a phishing email. If anyone falls for it, assign them extra training!
Malicious links within emails are a common tactic to direct victims to phishing websites. In fact, 38% of phishing emails use a URL to deliver their payload. These links are often disguised as seemingly legitimate links, and even the most tech-savvy employees can be fooled.
Here’s an example. If your organisation has set passwords to expire, and a user doesn’t want to get locked out, a time-pressured password reset email can be very convincing. Clicking on such a link could lead to a fake login page to steal your credentials, or download malware onto your device. Would you fall for this? (Spoiler: I did!)
A URL protection solution adds critical security by scanning links in real time and blocking them if they lead to dangerous or unauthorised websites.
When a user clicks on a link, the email security solution checks the destination URL against its database of known malicious websites. If the link is safe, the user is redirected to the intended website. If not, the user is blocked and the threat is reported to the company’s IT team. This significantly reduces the risk of falling victim to attacks using malicious email links.
Email spoofing, where attackers make emails appear as if they're coming from a legitimate source, is a particularly dangerous tactic.
As the email appears to be coming from a trusted email address, they are very difficult to manually spot. After all, if an email is coming from noreply@google.com, surely it’s trustworthy, right?
Unfortunately, it’s quite easy to spoof any email address. Implementing two essential tools, DMARC (Domain-based Message Authentication, Reporting, and Conformance), SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to help protect against these attacks:
· DKIM adds a digital signature to outgoing emails, which can be verified by receiving mail servers. It’s essentially a tamper-proof seal that signifies an email comes from the right place and hasn’t been messed with in transit.
· You, as the domain owner, publish an SPF record in your domain's DNS (Domain Name System) settings. This record is essentially a list of authorised mail servers allowed to send emails on behalf of your domain. When a mail server receives an email claiming to be from your domain, it checks your SPF record.
· DMARC provides a policy for how your mail server should handle emails that fail SPF and/or DKIM checks. It can either monitor it, flag it or quarantine it.
When an email is sent from your domain, your mail server adds a DKIM signature to the message header and consults your DMARC policy. When your mail server receives an email, it checks the DKIM signature and performs an SPF check. It’s as simple as that!
Setting up DMARC, DKIM and SPF can be a tricky thing to get right – and a misconfiguration could mean your emails aren’t received by your recipients. We recommend working with a trusted cybersecurity partner to help set this up for you.
Even with the tightest safeguards in place, some email attacks fall through the cracks. An important rule to follow, therefore, is to always check unexpected requests using another form of communication.
If you receive a suspicious request, such as accessing sensitive information, a password reset or a fund transfer, do not respond directly to the email.
Instead, contact the sender directly. You could use a known phone number or another trusted communication channel. If you’re using Microsoft Teams to verify this, we’d recommend giving them a quick voice call, as a breached email account could also give them access to Teams.
Also, be suspicious of any urgent requests. Attackers often create a sense of urgency to pressure victims into acting quickly without thinking. Be wary of emails that demand immediate action, and take your time.
If you suspect an email, always report it to your security team. It could form part of a wider attack on your organisation, and the earlier your IT team is informed, the less damage criminals can inflict.
Email remains a critical tool for business communication, but it's also a prime target for cybercriminals. By following these five steps, you can significantly improve your email security posture and protect yourself from email attacks.
We recommend staying vigilant and using modern security tools. The zero-trust framework is useful here. No email should be inherently trusted, and employees should always check who is sending emails, especially when there are links and attachments.
If emails fall through the cracks, AI-powered email detection tools and URL protection is a useful line of defence.
Need a hand in setting up DMARC? Want some advice on how best to implement URL protection? Looking for some advice on how to run cyber awareness training? Ready to get started with next generation email security? Get in touch with one of our experts and see how we can help!