
The Monthly Cyber Resilience Series: Email Is Still the Weakest Link

  • Apr 13
  • 2 min read

Despite the rise of messaging platforms, collaboration tools, and social media, email remains at the centre of digital communication. That is exactly why it remains the primary entry point for cyberattacks.


The reason is simple: email is an open system. Anyone can send a message to anyone. At the same time, people are conditioned to read and respond quickly, often without careful verification. Attackers exploit this.


Modern email attacks are no longer obvious. They do not rely on poor grammar or suspicious formatting. Instead, they are:

  • visually convincing

  • personalised

  • carefully timed

  • often sent from compromised legitimate accounts


The objective is not always immediate system compromise. More often, the attacker aims to:

  • get the user to click a link

  • capture credentials

  • deliver a malicious attachment

  • trigger a financial transaction


In other words, the attack targets behaviour, not technology.


This is why email security is not just a technical issue. It is a combination of awareness, process, and control.


Practical Perspective


1. Common Threats

Email is used for multiple attack types:

  • Phishing – credential theft via deceptive messages

  • Spear phishing – targeted attacks against specific individuals

  • Business Email Compromise (BEC) – fraud within business communication

  • Malicious attachments – documents containing harmful code


2. What Users Should Check

Before clicking or responding:

  • Is the sender’s address legitimate (not just the display name)?

  • Does the message create urgency or pressure?

  • Are you asked to enter credentials or sensitive data?

  • Does the link lead to the expected domain?

If something feels slightly off, it probably is.


3. Organisational Measures

Baseline controls should include:

  • email filtering (spam and phishing protection)

  • marking external emails

  • user awareness training

  • clear reporting channels


4. Technical Controls

Minimum standard:

  • SPF, DKIM, and DMARC implementation

  • MFA for email access

  • blocking risky attachment types

  • sandboxing attachments


5. Rapid Response

Speed matters.

When a suspicious email is reported:

  • analyse it quickly

  • remove it from other inboxes if needed

  • alert other users


Email risk cannot be eliminated, but it can be managed effectively with the right combination of behaviour and controls.
