Back to Course
Լight modeDark mode

What is an Email Attack Vector?

An email attack vector is a method of delivery for a malicious payload, or initiating a strategy for scamming victims into divulging sensitive information, passwords, or corporate credentials with the use of emails. 


An attack vector can be thought of as the way that an attacker gets their malicious code onto your computer. This could be through a website, through an email attachment, or even through a phone app. Each one of these methods requires different countermeasures to protect yourself from attacks. 

How can Email Attack Vectors harm you?

Usually, this happens when you click on a link or attachment in an email. For example, if you get an email from a friend with a link that says "check out this funny cat video," and you click it because you love cats, but it's actually some malicious code that will infect your device, or network, or steal sensitive data.


You may even get an email from your CEO asking you to make wire transactions from your company’s account. In this case, the attack vector is CEO Fraud

Some Common Types of Email Attack Vectors

CEO Fraud

A CEO fraud attack is an email phishing scam where fraudsters impersonate the CEO of a company in an attempt to convince employees to send money to them. The emails typically include the real name and business title of the company’s CEO.


Email Phishing


Email phishing is when someone sends you an email that looks like it's from a trusted source but really isn't. The message will ask you to click on a link or give out your information. Phishing attacks are very common, and they can happen whether you're at home, at work, or anywhere else.




Spoofing is the forgery or fabrication of email headers to impersonate legitimate company domains or individuals. The spoofed domain’s sending address impeccably resembles that of a legitimate sender which makes it hard for the receivers to differentiate between them.


Social Engineering


Social engineering attacks are orchestrated by trying to influence a victim’s opinions into manoeuvering them to expose sensitive information. It is a form of psychological manipulation to influence email receivers into falling for an attacker’s malicious intent. 

Course content
Email Authentication Fundamentals