Did you know that 91% of malicious attacks begin with an email?


By: Corey Stein

Last year Danos received 1,342,641 emails from outside senders, or ~3,678 per day. Although most of these emails are legitimate, a large share of them are sent with ill intent. ~41% of our total email volume last year was rejected due to spam or security policies. The most dangerous of these are the ones that attempt to deliver a malicious payload and/or “phish” for information.


Malicious URLs (hyperlinks)

  • Intended to lure the recipient into clicking a hyperlink in the body or subject of the email.
  • Clicking the link may download a virus or take you to a seemingly legitimate website where you are instructed to enter sensitive information.
  • 233% increase in phishing URLs last year

Weaponized Attachments

  • Intended to lure the recipient into opening a malicious attachment.
  • The attachment is typically a virus disguised as a common document or a zipped folder.
  • 40% of emails have an attachment
  • 80% of attachments are potentially vulnerable PDF or office docs

*Sometimes a phishing email may not contain any links or attachments, but will instead try to trick you into replying with sensitive information. These often appear to be an urgent request from upper management.

What to look for:

Malicious emails often contain one or more of the following signs:

  • the reply-to email address doesn’t match the sender’s name or email address
  • the sender's name doesn't match their email address
  • it is from someone you don't recognize
  • you weren't expecting the sender to contact you
  • it is not specifically addressed to you (e.g. dear customer)
  • there are spelling or grammatical errors
  • if you hover over a hyperlink, the destination appears incorrect
  • it includes a long list of recipients
  • it contains a vague message from a seemingly familiar source
  • it appears to be from someone within the company, but it is composed in plain text and contains no company email signature
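As an added example (not part of the original post), the checks from this list that a mail filter can apply automatically, scripted in Python over a constructed sample message; every address and host in it is a placeholder.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example (all addresses/hosts are placeholders).
SAMPLE = """\
From: "Danos Payroll" <payroll@danos-secure-login.test>
Reply-To: collections@mailbox-hosting.test
To: staff@example.test
Subject: Urgent: confirm your account
Content-Type: text/html

<p>Dear customer,</p>
<p>Please <a href="http://198.51.100.7/login">login to portal.danos.test</a> within 24 hours.</p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "valued customer")


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_signs(raw: str) -> list[str]:
    """Return the checklist items from the post that this message matches."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    # Sign: reply-to address does not match the sender's address
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        signs.append("reply-to domain differs from sender domain")
    # Sign: urgent request, typical of the "reply with information" lure
    if "urgent" in str(msg.get("Subject", "")).lower():
        signs.append("urgency cue in subject")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    # Sign: not addressed to you specifically
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        signs.append("generic greeting instead of recipient name")
    # Sign: hovering shows a destination that differs from the link text
    for href, label in LINK_RE.findall(text):
        label = re.sub(r"<[^>]+>", "", label).strip().lower()
        host = (urlparse(href).hostname or "").lower()
        if "." in label and host and host not in label:
            signs.append(f"link text '{label}' hides destination {href}")
    return signs
```

Heuristics like these flag messages for review; they are a complement to the human checks above, not a replacement for them.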

phishing (pronounced “fishing”), verb: to try to obtain financial or other confidential information from internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one. Also, to make (someone) a victim in this way: if you've been phished, you should cancel your credit cards immediately.

What to do:

  • Always be cautious with any email that you weren’t expecting, even if it appears to be from an internal sender. If you are ever suspicious of a particular message, call the sender or contact the IT Department to determine its legitimacy.

For additional tips, reporting suspicious emails or any other questions related to this, please contact the IT department at support@danos.com.

Corey Stein

Network Administrator Corey Stein joined the information technology department in 2013. Before joining Danos, Corey studied computer science at Nicholls State University and worked in information technology for the banking industry. Originally from Chackbay, Louisiana, he now lives in Lockport with his wife and two sons. His passions include family, friends, football, cooking, emerging technology and information security.
