Phishing emails and other malicious messages are designed to provide an attacker with initial access to an organization’s network. This can occur in a variety of ways and achieve a number of different purposes:
Credential Theft
A phishing email can be designed to steal an employee’s username and password. These credentials can be used to remotely access services both on-site and, in the cloud, to perform data theft or other actions.
Trojan Installation
Many malicious emails carry a Trojan designed to create a foothold on the target computer. This malicious file will then collect data and possibly download additional, specialized malware such as keyloggers or ransomware.
Fraudulent Payment
Business Email Compromise (BEC) and similar scams are designed to impersonate a high-level executive within a company. These emails instruct an employee to send a payment to a certain account, pretending that it is for closing a deal or paying a vendor invoice.
Ransomware Delivery
Phishing emails are one of the primary delivery mechanisms for ransomware. A ransomware attack encrypts all of the files on infected computers and demands a payment to recover the files. Even if the ransom is paid, there is no guarantee of a complete recovery.