Emails can be used as vehicles for attacks. Attachments and URLs are commonly used in the delivery of malware. Emails associated with malicious intent are termed as spam, phishing, and so on.

Spams are unsolicited emails that are sent frequently to a large mass of email addresses. Spams may be intentional or unintentional. Most spams are for advertising purposes. Sometimes the product advertised in the spam is fake.

The question is how the hackers get our email IDs. We use our email ID in a lot of places. We register our email ID in forums and online shopping sites. If the database of these sites is hacked, our email IDs are exposed. Spams can be categorized into several types based on the content of the mail:

• Phishing
• Spear phishing
• Watering hole attack
• Whaling
• Clone phishing

Phishing is a kind of spam. Phishing also involves sending malicious links or attachments to the victim by using social engineering. Password stealing is one of the goals of phishing. The phishing mails that involve password stealing urge the victim to enter his credentials in the forged site. The message body of the phishing is a category of spam that can trick the victim in to entering his credentials. The message warns the victim that if he does not log in to the site then his account will be blocked. There can be other kinds of messages that can be tempting too, such as winning prizes and so on. Security professionals have further classified phishing based on the email content and the victim.

Spear phishing is a phishing attack where an individual, an organization, or a group is targeted. The attacker's goal could range from stealing sensitive data to financial fraud.

A watering hole attack is another type of phishing attack. This kind of attack is a well-planned targeted attack. The attack collects information about the victim. This information can be the browsing habits of the victim. The hacker finds out bugs in the website by performing penetration testing. Then he exploits the bug in the website and compromises it. The next time the victim visits the sites there is a chance of getting hacked.

Whaling, also known as a CEO fraud attack, is a phishing attack meant to trap senior executives of an organization. The executives include CEOs and vice presidents, who possess sensitive financial and other business-related information. The purpose of the attack could be financial or to gain competitive information.

Clone phishing is another form of phishing. It is also known as deceptive phishing. In this kind of phishing, the attacker copies a legitimate mail that was sent to the victim earlier. Emails containing links or attachments are typical of this kind of phishing. The content of the mail remains the same, except the attachment or link is replaced with a malicious one. The mail is sent to the victim from a spoofed email ID. A spoofed email ID looks very similar to a real email ID. For example, [email protected] can be spoofed to [email protected]. The victim is likely to overlook the email ID and think that this came from the known sender, and he may end up clicking the malicious link.

There are many other forms of phishing and people have used different terminologies for it. We cannot cover all of the types here. However, any kind of phishing attack has the potential to carry malware and henceforth ransomware.

The following is a phishing email that claims to have information about the victim's voicemail:

The mail in the preceding screenshot has an attachment. The VBScript (visual basic script) attachment in this email is known to download Locky ransomware. Wannacry is also known to be delivered in the phishing email.