Security Threats in Email

Learning Outcomes

  • Identify security threats in emails

As you use email, it is crucial that you can recognize security threats and protect yourself and your organization.

Malware is any software specifically designed to damage a computer system without the owner’s knowledge. It is short for “malicious software.”

There are several different types of malware, all of which can be transmitted through email:

  • A virus is a “deviant” program stored on a computer floppy disk, hard drive, or CD, that can cause unexpected and often undesirable effects such as destroying or corrupting data.
  • A trojan horse is a program that is packaged with a useful application, usually free, such as a screensaver, but carries a destructive virus that creates problems for your computer without your knowledge. Once the program initiates, the camouflaged virus is released creating havoc and mayhem. This virus is named after the mythical Trojan horse that was left as a gift to the Trojan people from the Achaeans as a trick. A trojan horse is one of the biggest threats to computer security as they cannot be identified easily.
  • A worm is a type of malware that copies itself repeatedly into a computer’s memory (RAM) using up all available RAM. It also can copy on to a disk drive so it can load into RAM again. It spreads through a network to infect the RAM on other connected computers.  A worm can infect your computer through email (the worm is disguised by pretending it came from somewhere it did not). When you open the email attachment the worm looks through your Windows Outlook and other address books choosing names at random. Using built-in software, the worm sends copies of itself to many names in the address books.
  • Spyware is misleading software that is secretly installed on a computer through the web. Confidential information can be obtained by the installer such as passwords, keystrokes and email addresses. Too much spyware can slow down the operation of a computer.

Other Email-Related Threats:

  • Spam is flooding the internet with many copies of the same message. Most spam is derived from commercial advertising. It is not a security threat, but it can make it difficult to sort out important emails if you receive too much spam. You can obtain spam filters that spare the hassle of junk email, ads etc.
  • Phishing is an illegal activity where someone attempts to acquire sensitive information such as user names, passwords and credit card information. Often, users are asked to enter these details onto a fraudulent website. Phishing may employ highly advanced imitation websites which steal digital information. However, they often employ simpler messages like emails requesting bank information disguised as a desperate cry for financial help or a random donation from a wealthy individual. The purpose of the fraudulent email is to “phish” for, or entice people to share their personal, financial, or password data. It’s then used to commit crimes.
An example of a Phishing email, depicting a fake bank statement.

An example of a Phishing email, depicting a fake bank statement.