Since the invention of email, many companies have relied on it for their communication. Over time, business email has become exposed to a variety of security threats that you need to be aware of and prevent. We’ll discuss them in detail below.

Business Email Security: Threats

The most important – and common – business email security threats are phishing, spoofing, business email compromise, spear phishing and whaling.


As you can find in our Cybersecurity Glossary, phishing is

a malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.


Spoofing refers to 

a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.

Business email compromise

As my colleague Bianca explains, business email compromise attacks are based upon 

what is commonly referred to as CEO fraud or the impersonation of an upper or middle-management employee. In this case, fraudsters contact their “colleagues” from the financial department, requesting an urgent payment and providing all the necessary details for the money to be transferred. Since the email comes from a superior and the message is transmitted with a sense of urgency, employees are likely to fall for this scam, being completely unaware the money will end up in a cybercriminal’s account.  
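The forged-sender and CEO-fraud patterns described above leave traces in a message's headers that a mail filter or analyst can check. The sketch below is an added example, not code from Heimdal or any product named on this page; the company domain, executive names, keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): company domain, names worth impersonating, keywords.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
URGENCY_WORDS = ("urgent", "immediately", "wire", "payment", "invoice")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return a list of reasons the message resembles spoofing or CEO fraud."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reasons = []
    # An executive's display name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies silently routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    # Pressure language around money, as in the payment-request scenario.
    subject = (msg.get("Subject") or "").lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = subject + " " + str(body).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if len(hits) >= 2:
        reasons.append("urgent payment language: " + ", ".join(hits))
    return reasons

# Constructed sample messages (not real mail).
SUSPICIOUS = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@payments-desk.test
To: finance@example.com
Subject: Urgent payment needed today

Please wire the attached invoice amount immediately.
"""

LEGITIMATE = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 planning notes

Agenda for Thursday is attached.
"""

print(bec_indicators(SUSPICIOUS))
```

These checks only raise a flag for human review; a message sent from a genuinely compromised internal account would pass the first two and still needs the out-of-band payment verification discussed under prevention.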



Spear phishing

Spear phishing represents a cyber attack in which malicious actors try 

to extract sensitive data from a victim using a very specific and personalized message. This message is usually sent to individuals or companies, and it’s extremely effective because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear-phishing message.


Whaling is defined as a form of business email compromise 

whose objective is to collect sensitive data about a target. What’s different from phishing is that whaling goes after high-profile, famous and wealthy targets, such as celebrities, CEOs, top-level management and other powerful or rich individuals. By using the phished information, fraudsters and cybercriminals can trick victims into revealing even more confidential or personal data or they can be extorted and suffer from financial fraud.

Business Email Security: Possible Consequences of Attacks

Cyber-attacks have significant consequences for businesses all around the globe, whether we’re talking about start-ups or large corporations: 

Intellectual property loss

Business email compromise leads, in general, to leaks of data, trade secrets, customer lists, research, patents or design and so on. As you can imagine, if sensitive information is caught in the wrong hands, nothing good can happen. 

Regulatory fines

Plus, data leaks also mean regulatory fines. Exposing customer and employee data may lead to severe financial penalties.

Reputation damage 

Trust between you and your customers or business partners is of paramount importance to any company. Exposed data and regulatory fines will not help you maintain it and, if the brand value decreases, so does your revenue.

Loss of customers

Directly or indirectly, data breaches affect customers, who might start looking for similar products or services that they consider more secure. Apart from customers and, consequently, revenue loss, the affected companies may also lose investors.

Business Email Security: Attack Examples 

Whether we fancy social media or not, whether we have an account or not, we’ve probably all heard of Facebook – and so have some hackers, who made the American giant lose over $100 million between 2013 and 2015. Google was affected back then too.

What happened? Malicious actors orchestrated a scheme “that included setting up a fake business and sending phishing emails to employees of Facebook and Google.” They posed as “another company, Taiwan-based Quanta Computer — which actually does business with Facebook and Google.”

The hackers “created fairly convincing forgery emails using fake email accounts, which looked like they were sent by employees of the actual Quanta in Taiwan. They sent phishing emails with fake invoices to employees at Facebook and Google who ‘regularly conducted multimillion-dollar transactions’ with Quanta, and those employees responded by paying out more than $100 million to the fake company’s bank accounts, prosecutors said.”



Another example of a business email security breach is the case of Sony Pictures, back in 2014. As ExpertInsights writes:

This is one of the most famous examples of how phishing attacks can catch more than just money. A group attacked Sony after they refused to withdraw a film mocking North Korean leader Kim Jong Un.

This targeted attack used more than just fake emails. Hackers actually gained access to Sony’s building by tricking employees. They impersonated IT staff, then used their credentials to plant malware on Sony’s systems.

This led to the leaks of tens of thousands of employees’ personal information, film scripts and highly confidential personal emails.

Business Email Security: Prevention

What are the best prevention measures you should adopt in order to achieve great business email security? 

Educate your employees

Employee security training is an essential practice for any organization. Each and every one of them should understand the importance of business email security, the value of sensitive data and the possible consequences of a successful attack. 



Implement policies and procedures

As I was saying in my article about CEO fraud emails, you need multiple layers of authorization, proper documentation and/or verbal approval before any money or sensitive information transfer happens. 

Plan for the worst-case scenario

In case a business email account gets compromised, every employee should know who to notify, and administrators should know how to respond to the breach. Clear protocols will help you eliminate confusion and dangerous delays.

Use an email security solution

Installing email security software is a great plus for any business email security strategy. Heimdal™ provides two such solutions, Heimdal™ Email Security and Heimdal™ Email Fraud Prevention. The first one can help you detect malware and stop spam, malicious URLs and phishing, while the second one offers high protection against business email compromise and impersonation. Together, the two solutions can work to stop and flag down every type of malicious email communication there is, including the carefully created emails coming from a previously trusted compromised email address.

While each module is available separately, by combining the two email security solutions, there will be virtually no avenue left for attackers to use your email as a gateway towards breaching your organization.

Email communications are the first entry point into an organization’s systems.

Heimdal™ Email Fraud Prevention is the next-level mail protection system which secures all your incoming and outgoing communications.
  • Deep content scanning for attachments and links;
  • Phishing, spear phishing and man-in-the-email attacks;
  • Advanced spam filters to protect against sophisticated attacks;
  • Fraud prevention system against Business Email Compromise;

Business Email Security: Wrapping Up

Business email security is a factor that greatly contributes to business email stability since, as we have seen, a data breach affects the revenue, customers, employees and reputation of any company. 

However you choose to proceed, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions regarding the topic of business email security – we are all ears and can’t wait to hear your opinion!
