Email security – types of attacks, best practices and state-of-the-art solutions

Email remains the main attack vector in most cybersecurity incidents. According to data provided by Proofpoint, 23% of users consistently access any link or file received via email, making the human factor the most vulnerable component of the security infrastructure. At the same time, less than 1% of advanced attacks are intercepted by traditional protection solutions such as antivirus, exposing organizations to significant risks, including financial losses in the tens of millions of dollars.

A recent and serious example is the 2024 ransomware attack on Change Healthcare, one of the largest independent healthcare technology providers in the United States. The attack was initiated through a phishing email, which allowed the compromise of internal credentials and, implicitly, unauthorized access to the organization’s network. The incident generated nationwide disruptions in critical processes such as billing, prescription issuance and health insurance management. Although the company paid a ransom of $22 million, the personal data of more than 100 million users could not be recovered.

The phenomenon is also present at the local level. In Romania, in March 2025, the National Directorate of Cyber Security (DNSC) reported a phishing campaign that simulated official communications from ANAF and promised tax refunds. The purpose was the fraudulent collection of bank data. In May, another campaign targeted users with fake emails with the subject line “Warning of Infringement of Intellectual Property Rights,” apparently sent by a law firm. These messages contained malicious links that downloaded infostealer malware, capable of extracting cookies, authentication tokens, and saved credentials, thus giving the attackers full access to online accounts without the need for subsequent authentication.

In this context, Proofpoint Core Email Protection, available in Romania through Safetech Innovations, is a complete solution, capable of proactively blocking sophisticated threats delivered via email, protecting users and organizations against attacks with operational, financial and reputational impact.

Why email account protection is important

In 2025, more than 376.4 billion emails are sent globally every day, according to estimates from emailtooltester. Email is no longer just a means of communication, but a real strategic resource for companies, helping to manage critical data flows: confidential documents, financial information, contracts, access to essential systems and business strategies. That is why it has also become one of the most frequently exploited vulnerabilities. According to the “Proofpoint 2024 State of the Phish” report, in 2023, Proofpoint detected and blocked, on average, 66 million Business Email Compromise (BEC) attacks per month. In addition, 94% of malware is delivered via email, according to “2025 Data Breach Investigations” conducted by Verizon.

Compromising an email account is no longer just an isolated privacy issue – it becomes a pivot point in the network, a “digital Trojan horse” that allows attackers to perform lateral movements and privilege escalations in the internal infrastructure. Through a compromised account, attackers can forward sensitive conversations, monitor internal communication to identify key people or critical projects, and directly exploit access to enterprise systems (CRM, ERP, financial applications, HR, etc.). This methodology transforms email into a channel of initial access but also of persistent control over the digital environment of an organization.

At the same time, the threat landscape targeting email has evolved significantly. Attacks are increasingly sophisticated, integrated and adapted to the organizational context, using automated techniques, artificial intelligence and data collected from OSINT sources. Here are the main types of attacks encountered today in the corporate environment:

Phishing & TOAD (Telephone Oriented Attack Delivery): Attackers send emails that appear to be from legitimate institutions (banks, vendors, authorities), trying to convince users to reveal credentials or sensitive information. TOAD is a modern extension of phishing, where attackers combine fraudulent emails and phone calls to gain added credibility, often mimicking real call centers.

Social engineering: Through psychological manipulation of employees (e.g., false urgency, apparent authority, guilt inducement), attackers cause actions that compromise security – such as approving payments or sharing sensitive documents.

Spear Phishing: Advanced, targeted version of phishing that uses specific information about the organization or an individual (e.g., CEO, CFO). Such attacks often pass conventional filters, being delivered with a high degree of credibility and personalization.

Ransomware: Emails delivered with malicious attachments or trap links can install ransomware that encrypts the organization’s files or systems. These attacks are frequently accompanied by double extortion – blocking access to data and threatening to publish it.

Malware: Includes Trojans, spyware, infostealers, or backdoors delivered through attachments or links. After execution, they can facilitate data harvesting, persistent access, or exfiltration of information from the internal network.

Spoofing and Domain Impersonation: By spoofing the sender’s address or using similar domains (e.g., “micros0ft.com”), attackers trick recipients into believing that the message is legitimate. This type of attack is often used in BEC (Business Email Compromise) fraud.

Adversary-in-the-Middle (AiTM): Attackers intercept and modify traffic between two legitimate parties (e.g., redirecting an email flow to a compromised server), capturing credentials or injecting malicious content.

Denial of Service (DoS) by e-mail: By sending a very high volume of messages to an address or server, attackers can cause partial or total unavailability of email service, affecting business continuity.

Account Takeover (ATO): Once an email account is compromised, attackers use it to send messages from within the organization, generating an increased risk of attack propagation and low visibility for security teams.

Digital Identity Theft: Emails can be used to collect personal or authentication information, which is later used for financial fraud, digital identity cloning, or access to third-party accounts.

Brand Impersonation & Image Fraud: Attacks are based on the visual and textual cloning of well-known brands, generating trust in the eyes of users. The goal may be to collect banking data, install malware, or initiate a larger attack.

Business Email Compromise (BEC): Highly profitable attacks, in which threat actors pose as trusted executives, vendors, or partners, demanding transfers of funds or confidential data. They usually do not contain malicious attachments or links, which makes them difficult to detect automatically.

Best Practices for Email Security in Organizations

Let’s also not forget that email attacks exploit a vulnerability that cannot be patched: humans. Although 73% of organizations reported at least one BEC attack, only 29% of them provided training to employees on how to identify and prevent them, according to the aforementioned Proofpoint report. As a result, such training should be a basic measure for risk reduction. Equally important are the following:

Policies for securing email accounts: complex passwords that are changed periodically and not reused across multiple accounts, encryption of emails, clear policies on acceptable types of attachments together with tools for scanning them, a patch management strategy, clear rules on the period of storage/deletion of emails, and a Secure Email Gateway (SEG) for blocking spam, phishing and malware.

Multi-layered security posture for email: advanced email filtering solutions, real-time threat detection, and comprehensive reporting tools.

Data protection: Data Loss Prevention (DLP) solutions for detecting and blocking the accidental sending of sensitive data to external recipients.

Multi-factor authentication (MFA) for all email accounts and services (at least two forms of verification).

Advanced Threat Protection: the use of modern solutions that include sandboxing, URL rewriting and attachment analysis, complemented by solutions that provide real-time threat intelligence.

What’s new about Proofpoint Core Email Protection?

Thanks to the new partnership with Proofpoint, Safetech offers Proofpoint Core Email Protection in the local market. It is the email protection solution preferred by 85% of the Fortune 100 companies and offers high scalability, easily adapting to IT infrastructures, regardless of the size of the organization.

Proofpoint Core Email Protection enables end-to-end security and management of email communication. Using machine learning algorithms and multi-layered detection technologies, the solution identifies and blocks malicious emails before they reach users. It automatically categorizes known and emerging threats, providing granular control over a diverse range of emails, from phishing attempts and spam or bulk messages, to emails containing malicious attachments or links. In addition, it allows the definition of customized security policies and flexible email routing rules, tailored to the needs of each organization. At the same time, it can be deployed in cloud, on-premises or hybrid environments.

The Proofpoint platform includes the following key functionalities:

Proactive, dynamic, adaptive threat detection and response through Proofpoint Nexus AI, an advanced threat intelligence platform that combines artificial intelligence, machine learning, behavioral analytics, visual threat detection, and threat intelligence. Proofpoint automatically scans all emails, both internal and external, constantly checking for indicators of compromise.

Protection against TOAD or phone call phishing attacks, by automatically identifying dangerous behaviors using machine learning and computer vision from Nexus AI.

Blocking Business Email Compromise (BEC) attacks using AI, relationship graphs, and language models to analyze sender-recipient relationships and email content.

Proactively blocking threats from links and files (including malware) by testing them in an isolated environment, automatic analysis, opening links in secure environments, detecting attempts to evade filtering/security systems.

Automatic post-delivery quarantine of malicious emails, i.e. automatically moving them out of the user’s inbox to prevent access.

Real-time contextual alerts: users are alerted directly in the email through explanatory banners and can quickly report suspicious messages, including from mobile devices.

For more information, visit the dedicated page: Proofpoint Core Email Protection.

Proofpoint’s email security has earned solid recognition in the market, being named an eight-time Leader in the Gartner Magic Quadrant for Email Security Platforms. In addition, Proofpoint secured the top spot in the “Leader” ranking in Forrester’s Q2 2023 report, The Forrester Wave: Enterprise Email Security, receiving the highest ratings in terms of current offering and strategy. Gartner Peer Insights reviews also further emphasize its strong performance in the market, with an average rating of 4.6/5 from nearly 500 reviews as of December 2024.

Proofpoint Core Email Protection via Safetech Innovations

Safetech Innovations offers comprehensive services for the effective implementation and use of the Proofpoint Core Email Protection solution in cloud, on-premises or hybrid environments, including integration with other security solutions. Services include requirements analysis and system design, solution installation and configuration, administrator training, as well as dedicated technical support to ensure continuity and optimal performance.

With a team of more than 70 experts, 14 years of experience and more than 600 completed projects, Safetech offers certified expertise in cybersecurity, consulting, continuous monitoring and incident response, guaranteeing customized, scalable implementations and post-implementation support.

For more details about the Proofpoint Core Email Protection solution, as well as the services offered by Safetech Innovations, you can contact us at sales @ safetech.ro or by phone: +40 21 316 0565.
