Email Security Blog

Identifying and Mitigating Email Threats

John Wilson December 1, 2021 Business Email Compromise, Cybercrime, Email Security, Phishing
Envelope with skull and cross-bones

Email  threats are ever evolving, and it’s important to stay up to date. Here are the current most common email threats and how to identify and mitigate them.

So, what are the most common types of email threats today?

  • Business Email Compromise
  • Ransomware
  • Phishing
  • Spear Phishing
  • Data Breach
  • Spam
  • Keyloggers
  • Domain Impersonation

We’ll explain these and more. Then, we’ll cover how to prevent, mitigate, and recover from most email threats.

Types of email threats

Most of us are familiar with spam emails and even messages that have viruses attached, but email threats have evolved quickly over the years to include a whole host of additional threats. Let’s review some of the most common email threats, and how you can stop them.

Business Email Compromise

Business Email Compromise (BEC) includes a wide variety of attack methods that all exploit the fact that companies utilize email in order to do business. BEC scams are usually targeted at larger organizations who conduct wire transfers or deal with international vendors.

Attackers can groom unsuspecting staff members through leaked contact information, or phishing messages to send highly sensitive information or wire money to their fake company. One of the most common attacks used in BEC is the fake invoice scam. The attacker uses social engineering or phishing techniques to convince someone in accounting that an invoice is long past due.

Another common tactic used by scammers is known as CEO fraud. Attackers conduct extensive research on a company to craft convincing phishing emails that impersonate high level staff within an organization. The attackers then convince other staff members to wire money or send financial documents to another email address.

How you can stop it: You can combat BEC attacks by implementing an automated system like Agari Active Defense for your network. This system uses numerous technologies to identify new threats and stop attacks such as domain spoofing from ever happening. As threats evolve over time, Agari can provide actionable intelligence to help keep your organization ahead of emerging threats.


Ransomware attacks have been on the rise for years and prove to be one of the most devastating threats you can encounter. Ransomware attacks use different techniques to trick recipients into downloading and executing a malicious attachment.

This attachment contains a payload that silently begins encrypting all files on the target machine, before moving on to the rest of the network. The victim is then presented with a choice. Pay the ransom for their files back or lose everything.

Without proper backups or the encryption key, there is often no way for victims to recover their files. Even if you comply and pay the ransom there is no guarantee the attackers will provide you with the key to unlock your files.

How you can stop it: A complete email security solution combined with a tested backup disaster recovery plan can prevent attacks and mitigate damage if data loss were to occur. AI-powered threat detection can identify malicious files based on reports from other threat databases and stop that attachment from being sent. Robust endpoint security is also necessary to stop threats from spreading across the network.


It’s estimated that over half of all emails sent are phishing attempts. Phishing attacks  impersonate trusted brands and individuals the victim is familiar with. The attack usually prompts recipients to click on a link and login into a web-based service.

The link redirects to a fake website that looks almost identical to the real service. Once the victim enters their information, the attackers are waiting to copy that information and steal the account.

How you can stop it: Phishing relies on impersonation, so training staff to be vigilant to these types of attacks can dramatically reduce exposure to these types of threats. Implementing DNS records such as SPF, DKIM, BIMI, DMARC helps prevent attackers from

Spear phishing is a much moresending messages on behalf of your domain. Lastly, using an AI-powered phishing defense system can stop attacks from reaching staff inboxes by leveraging threat intelligence from around the world.

Spear Phishing

targeted form of phishing where attackers impersonate a specific company or individual to appear believable. While your average phishing message is sent to thousands of inboxes, spear phishing campaigns are highly targeted, and only focus on a single company or person.

Attackers gather information such as staff names, email signatures, known associates, and company structure to craft a believable phishing message. Spear phishing is especially dangerous because even tech-savvy employees can be fooled by a well-crafted attack.

How you can stop it: Implement two factor authentication for critical applications. In the event credentials are compromised through a spear phishing attack, the attackers won’t be able to login without a second form of authentication. Mail server rules can also be put in place to flag messages as external. This helps staff easily see when they are communicating with someone outside of their organization, regardless of what the sender’s address looks like.

Data Breach

Data breaches can happen in many different ways, with email being a popular vector of attack. Sensitive information can be leaked accidentally, or on purpose by insider threats. While most data breaches result in database exploits, email can still be used to steal company secrets and other sensitive information.

How you can stop it: Many firewalls and email security platforms offer outbound filtering. These filters can scan messages for compliance information, credit card numbers, and a variety of those variables. File integrity monitoring can also be used to audit file access on the server and prevent those files from being copied or accessed by certain groups.


Yes, spam is annoying, but even innocent looking spam messages can contain more serious email threats. High volumes of spam can also dramatically impact productivity and can overwhelm already crowded inboxes.

How you can stop it: Use spam filters that check global blacklists as well as automatically update their spam databases of offending domains and IP addresses. Emails can be filtered by many variables including keywords, geographic location, and IP reputation.


Keyloggers steal and pass on the individual keystrokes from a victim to an attacker. These attacks can give bad actors complete access to user credentials, as well as contextual information that can be used to carry out more detailed spear phishing attacks. Keyloggers can be hidden inside innocent looking files, and silently installed in the background when the victim goes to open the file.

How you can stop it: Keyloggers can be stopped by having up-to-date endpoint security installed on all staff machines. If a keylogger does avoid detection and makes its way into a user’s inbox, good endpoint security should be able to stop and quarantine it as soon as it is executed.

Domain Impersonation

Domain impersonation is also referred to as a lookalike domain, or cousin domain attack. Attackers use domain impersonation in spear phishing attacks to avoid detection and make their fraudulent message look like it is coming from their target company.

For example, attackers targeting Microsoft will register the domain “” and send targeted messages from their slightly misspelled domain. Attacks that use domain impersonation can be tough to spot and can still occur even when protections like DMARC are in place.

How you can stop it: If you’re being targeted with domain impersonation, consider consulting a professional email security provider. Impersonation attempts could indicate a larger effort to compromise a network using spear phishing. Agari Active Defense works in real time to analyze threat intelligence to better understand risk and stop future attacks.

The Agari Advantage

Agari offers a turnkey solution to combat phishing threats using DMARC and advanced phishing protection. The system utilizes both signature-based security as well as behavioral analysis to stop both malicious files, and phishing attempts at the same time.

Predictive analytics identifies new threat trends as they emerge by proactively scanning trillions of messages. As new threat patterns are identified, they are automatically applied to your threat database, ensuring even the newest types of attacks are thwarted.

No matter where your mail server is hosted, Agari offers a wide variety of integrations into platforms like Office 365, Microsoft Exchange, and Gmail. Setup is simple, and doesn’t require any downtime, so you won’t have to worry about missed emails during onboarding.

If you’re looking to protect your company from email-based attacks, Agari’s Advanced Email Security can help. Sign up for a free trial to see the difference Agairi can make in your company’s inbox.



Laptop with multiple paddle locks with key holes

May 27, 2022 John Wilson

SMTPS: Securing SMTP and the Differences Between SSL, TLS, and the Ports They Use

What is the difference between SMTPS and SMTP? SMTPS uses additional SSL or TLS cryptographic protocols…

Agari Blog Image

May 18, 2022 Ramon Peypoch

What Is Email Spoofing and How Do You Protect Against It?

What is Email Spoofing? Email spoofing is one of the most common forms of cybercriminal…

Computer Showing Secure Email Server

March 9, 2022 John Wilson

Securing Your Email with DMARC

Understanding the What, How, and Why of DMARC You probably already know this, but it…

Laptop with multiple paddle locks with key holes

January 24, 2022 John Wilson

2022 Data Privacy Week – Education and Inspiration

As the world becomes more and more dependent on online resources to complete daily tasks,…

Agari Blog Image

December 16, 2021 John Wilson

Common Phishing Email Attacks | Examples & Descriptions

What does a phishing email look like? We've compiled phishing email examples to help show…

mobile image