- 2024 Egress report shows that 94% of global organisations fall victim to email phishing attacks & email security issues
- 92% of IT decision makers cite email security as a main concern, according to Exclaimer
- Exclaimer explains the preventative steps to avoid your email signature being used as a tool in business email cyber attacks
A 2024 report* highlighted business email security as an ongoing issue, with 94% of global organisations falling victim to email phishing attacks.
With almost all (92%) of IT decision makers citing email security as their main concern, according to an Exclaimer study, Carol Howley, Chief Marketing Officer at leading email signature management platform Exclaimer, discusses the preventative measures businesses should take to minimise security risks associated with email signatures being misused by phishing scams.
The Consequences of Business Email Phishing Attacks
“If you fall victim to a business email phishing attack, attackers can exploit exposed information for various malicious activities, exploiting vulnerabilities and causing harm to individuals and organisations.”
“Hackers often launch emails that appear to be from a legitimate source which often includes a malicious link. If opened, this malware could steal your login credentials which gives the hacker access to your email account.”
“With access to your email login, hackers can cause havoc. One way is by tampering with your signature settings to include malicious content such as fake links. Another is by altering your contact information in the signature to impersonate you, and in other cases they can access sensitive information such as contact numbers or internal department addresses.”
“Privacy attacks resulting from information leakage through email signatures can have consequences ranging from the disclosure of confidential information, data breaches and unauthorised access to personal data, financial fraud and damage to brand reputation.”
“Your email signature itself isn’t a direct vulnerability for cyberattacks, but it can be a tool used in phishing attempts.”
How To Safeguard Your Email Signature from Cyberattacks
Minimise personal information:
“Keep your email signatures professional and essential. Only include contact information like your name, title, company, work phone number, and company website in your email signatures and avoid including sensitive details like home addresses and personal mobile numbers. Less information in your signature makes it harder for attackers to exploit, reducing the risk of sensitive data breaches. If they gain access to your email account, there’s less personal data they can inject into a forged signature to trick recipients into phishing scams.”
Enforce strict email signature policies:
“Establish and enforce strict policies and guidelines for creating and managing email signatures to minimise the inclusion of unnecessary or sensitive information. This can include restrictions on embedding clickable links directly in the signature, which discourages a common phishing tactic where deceptive links are disguised to look like the company website or other trusted sources.”
Use a centralised management service or platform:
“A centralised management service, like Exclaimer, can help businesses manage and distribute signatures to ensure consistency. Having a central template for all signatures prevents modification of signatures with malicious content, whilst also reducing the risk of employee errors. Access to editing the signature template is typically limited to IT personnel or administrators, so by controlling the email template and limiting access to editing, the risk of malicious content being inserted is minimised.”
