Receiving your emails through a web interface may be convenient, but attackers are after corporate inboxes and could one day visit yours.
What not to keep in your inbox
If someone gains access to your inbox, one possible outcome is a BEC attack, in which case your emails could play a big part in the success. Of course, security software helps to keep the wind in your sails, but anyone can fall for a phishing scam, so it’s important to minimize the potential damage by deleting any messages you wouldn’t want to fall into someone else’s hands—just in case. Here’s what to delete first.
Authentication data
Most services these days avoid sending temporary passwords. After all, sending passwords via unencrypted email is a bad idea. But some companies still send passwords via email, and the practice is somewhat more common with internal services and resources. In addition, employees sometimes send themselves passwords, logins, and their answers to secret questions.
These emails are exactly what attackers are looking for: with access to corporate resources, they can obtain additional information for social engineering manipulations and developing attacks.
Online Service Notifications
We receive all sorts of notifications from image masking online services: registration confirmations, password reset links, privacy policy update notifications. The emails themselves are of no interest to anyone, but they do show which services you subscribe to. Attackers will likely have scripts ready to automate their search for these notifications.
In most cases, your inbox is the master key to all of these services. By knowing which ones you use, attackers can request a password change and break into your inbox.
Scanning of personal documents
Business users (especially those in small businesses) are often tempted to use their inboxes as a sort of cloud file storage, especially if the office scanner delivers scans via email. Copies of passports, taxpayer IDs, and other documents are often required for routine paperwork or business travel.
We recommend that you immediately delete any messages that contain personal information. Download the documents and keep them in encrypted storage.
Confidential business documents
For many employees, exchanging การ บทบาท ของ เดอะ กระดาน ใน ไม่แน่นอน ครั้ง – โต๊ะกลม สรุป documents is an integral part of their business workflow. That said, some documents can be valuable not only to your colleagues, but also to attackers.
Take a financial report, for example. Likely to be found in an accountant’s inbox, a financial report provides a wealth of powerful information – and an ideal starting point for BEC attacks. Instead of sending fraudulent emails to colleagues, for example, cybercriminals with this information can directly use real information about specific contractors, accounts and transaction amounts to create enticing subject lines. They can also gain useful insights into the business context of the agb directory company, partners and contractors to attack them as well. In some cases, careful study of a financial report can also present an opportunity for stock market manipulation.
