Message-Based and Communication Threat Vectors (Domain 2)
In this episode, we are focusing on communication-based threat vectors. These are the channels most people use every day—email, text messages, and instant messaging. While these tools increase productivity and convenience, they also provide attackers with multiple paths into your systems. Understanding how these vectors are exploited and how to secure them is critical to reducing risk.
Let’s begin with email threats. Email remains one of the most common and dangerous threat vectors in cybersecurity. It is used to deliver phishing attacks, malware payloads, and fraudulent messages that aim to trick recipients into taking harmful actions. Phishing is the broad category that includes these deceptive emails. Spear phishing is a more targeted version, where the attacker customizes the email for a specific individual or organization.
In a phishing attack, the message might look like it comes from a bank, employer, or software provider. It may ask the recipient to click a link, open a file, or enter their credentials on a fake login page. Once that action is taken, the attacker can steal information, install malware, or gain access to internal systems. Spear phishing adds credibility by including personal details like the recipient’s name, title, or recent activities, making the message more convincing.
One real-world example involved a company executive who received an email that appeared to be from a trusted vendor. The message requested payment for an invoice and included a link. When the executive clicked the link and entered credentials, the attacker gained access to the email account, launched internal phishing messages, and stole sensitive data. The damage was extensive, and the breach went undetected for several days.
To mitigate email threats, organizations should use spam filters, anti-phishing gateways, and malware scanning tools. Employees should receive regular training to recognize suspicious messages, verify requests through other channels, and report anything unusual. Multi-factor authentication helps limit the damage if credentials are compromised. And email systems should be configured to block or flag messages from unknown senders or domains.
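To make the gateway checks above concrete, here is an added example (not code from the episode or from any product it mentions) that runs three common phishing heuristics over raw messages: a Reply-To domain that differs from the From domain, a link whose visible text names one domain while its href points to another, and urgency language in the subject or body. The two sample messages, the domain names, the urgency word list, the naive two-label "registered domain" rule and the threshold of two indicators are all assumptions made for the illustration.

```python
"""Heuristic phishing indicators over raw RFC 822 messages.

Added example for illustration; the sample messages, domains, keyword
list and scoring threshold below are constructed, and these checks are
a subset of what a real anti-phishing gateway does.
"""
import re
from email import message_from_string
from email.utils import parseaddr

URGENCY_WORDS = ("urgent", "immediately", "suspended", "locked", "within 24 hours")
LINK_RE = re.compile(r'<a\s+href="(?P<href>[^"]+)"[^>]*>(?P<text>.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"^(?:https?://)?([^/:?#\s]+)", re.I)


def registered_domain(host):
    """Collapse 'login.example.com' to 'example.com' (naive two-label rule, an assumption)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def domain_of_address(header_value):
    """Registered domain of the address in a From/Reply-To header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def domain_of_url(url):
    m = HOST_RE.match(url.strip())
    return registered_domain(m.group(1)) if m else ""


def body_text(msg):
    """Concatenate the decoded text/* parts (single-part or multipart)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)
        if payload:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in the message."""
    msg = message_from_string(raw_message)
    indicators = []

    from_dom = domain_of_address(msg.get("From"))
    reply_dom = domain_of_address(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"reply-to domain {reply_dom} differs from sending domain {from_dom}")

    body = body_text(msg)
    for m in LINK_RE.finditer(body):
        shown = domain_of_url(re.sub(r"<[^>]+>", "", m.group("text")))
        actual = domain_of_url(m.group("href"))
        # Only compare when the visible text itself looks like a host name.
        if "." in shown and shown != actual:
            indicators.append(f"link text shows {shown} but points to {actual}")

    lowered = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if hits:
        indicators.append("urgency language: " + ", ".join(hits))
    return indicators


def is_suspicious(raw_message, threshold=2):
    """Assumed policy: two or more indicators is enough to quarantine for review."""
    return len(phishing_indicators(raw_message)) >= threshold


# Constructed sample messages (not real mail).
PHISHING_EMAIL = """\
From: Acme Bank Alerts <alerts@acmebank.example>
Reply-To: recover@acmebank-verify.example
Subject: URGENT: your account will be suspended
Content-Type: text/html

<p>Sign in immediately at <a href="http://acmebank-verify.example/login">https://www.acmebank.example/login</a></p>
"""

BENIGN_EMAIL = """\
From: Payroll <payroll@corp.example>
Subject: March timesheets posted
Content-Type: text/plain

Timesheets for March are available at https://hr.corp.example/timesheets.
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, is_suspicious(raw), phishing_indicators(raw))
```

Each heuristic on its own produces false positives (legitimate newsletters use separate Reply-To domains, and marketing mail uses urgent language), which is why gateways combine several signals and why the example only escalates at two or more.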
Now let’s talk about SMS-based attacks. These are also known as smishing, short for SMS phishing. In a smishing attack, the attacker sends a text message that appears to come from a trusted source, like a bank, shipping company, or service provider. The message typically includes a link or phone number and tries to create urgency—like warning the recipient about a locked account or a missed delivery.
The risk with smishing is that mobile devices are often trusted by users and may not have the same security controls as corporate desktops. Users are also more likely to act quickly without questioning a text message. Clicking the link might lead to a fake login page or download a malicious app. Calling the number might connect the user to a fake support line, where the attacker collects personal or financial information.
To protect against smishing, users should be trained to avoid clicking links in unsolicited messages and to verify suspicious messages through the provider's official app or a customer service number they already know, not one supplied in the text. Mobile devices should be configured to filter messages from unknown senders and to block installation of apps from untrusted sources. Organizations should also monitor for smishing campaigns that use their brand names or logos and notify customers when they become aware of these scams.
Finally, let’s look at instant messaging platforms. These tools include services like Microsoft Teams, Slack, WhatsApp, and other real-time chat apps used for personal and professional communication. While they increase efficiency, they also introduce new threat vectors—especially when they are used to send files, links, or credentials.
Attackers can exploit these platforms in several ways. They may impersonate a coworker or supervisor to ask for confidential information or urgent action. They may send malicious links or files through chat windows, hoping the recipient will click without thinking. In some cases, attackers may gain access to a compromised account and use it to spread malware across teams.
A real-world scenario involved an employee receiving a chat message from what appeared to be the head of human resources, asking for an urgent file transfer. The attacker had compromised the HR user's account and used the platform's familiarity and informal tone to avoid suspicion. Sensitive data was sent before the breach was discovered.
To reduce the risk of instant messaging threats, organizations should enforce policies that limit file sharing and external communications on work platforms. Strong authentication, including multi-factor authentication, should be required for all accounts, and abnormal behavior—like messages outside of business hours or sudden file requests from an account that never made them before—should be flagged for review. Users should be trained to verify requests that involve sensitive data through a second channel and to report anything that seems suspicious, even if it comes from someone they know.
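The behavioral flags just described can be expressed as simple detection logic over a platform's audit events. The following is an added example, not code from the episode or from any chat product it names: it builds a per-account baseline from trusted history, then flags new activity that happens outside business hours, a file request from an account with no file requests in its baseline, and a burst of file requests to several different recipients (the fan-out pattern of a compromised account spreading across teams). The event format, the 08:00 to 18:00 Monday-to-Friday business window, the ten-minute window and three-recipient threshold, and the sample events are all constructed assumptions.

```python
"""Flag anomalous chat activity from constructed audit events.

Added example for illustration. The event schema, business hours,
fan-out window and threshold, and the sample events are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BUSINESS_HOURS = (8, 18)              # assumed local business window, Monday to Friday
FANOUT_WINDOW = timedelta(minutes=10)  # assumed
FANOUT_THRESHOLD = 3                   # distinct recipients asked for files inside the window


def event_time(event):
    return datetime.fromisoformat(event["ts"])


def outside_business_hours(ts):
    start, end = BUSINESS_HOURS
    return ts.weekday() >= 5 or not (start <= ts.hour < end)


def build_profile(baseline_events):
    """Count file requests per sender over a trusted history window."""
    profile = defaultdict(int)
    for e in baseline_events:
        if e["kind"] == "file_request":
            profile[e["sender"]] += 1
    return profile


def flag_events(baseline_events, new_events):
    """Return (event, reason) pairs from new_events that warrant analyst review."""
    profile = build_profile(baseline_events)
    recent_requests = defaultdict(list)  # sender -> [(ts, recipient)] inside FANOUT_WINDOW
    fanout_alerted = set()
    flagged = []
    for e in sorted(new_events, key=event_time):
        sender, ts = e["sender"], event_time(e)
        if outside_business_hours(ts):
            flagged.append((e, "activity outside business hours"))
        if e["kind"] != "file_request":
            continue
        # Sudden file request: the account has never asked for a file before.
        if profile[sender] == 0:
            flagged.append((e, "first file request seen from this account"))
        profile[sender] += 1
        # Fan-out: file requests to many distinct recipients in a short window.
        window = [(t, r) for t, r in recent_requests[sender] if ts - t <= FANOUT_WINDOW]
        window.append((ts, e["recipient"]))
        recent_requests[sender] = window
        distinct = {r for _, r in window}
        if len(distinct) >= FANOUT_THRESHOLD and sender not in fanout_alerted:
            fanout_alerted.add(sender)
            minutes = int(FANOUT_WINDOW.total_seconds() // 60)
            flagged.append((e, f"file requests to {len(distinct)} recipients within {minutes} minutes"))
    return flagged


# Constructed sample events. 2025-03-12 is a Wednesday.
BASELINE_EVENTS = [
    {"ts": "2025-03-03T09:30:00", "sender": "alice", "recipient": "bob", "kind": "message"},
    {"ts": "2025-03-03T10:05:00", "sender": "hr_lead", "recipient": "alice", "kind": "message"},
    {"ts": "2025-03-04T14:00:00", "sender": "bob", "recipient": "alice", "kind": "file_request"},
    {"ts": "2025-03-05T11:20:00", "sender": "hr_lead", "recipient": "carol", "kind": "message"},
]

NEW_EVENTS = [
    {"ts": "2025-03-12T10:15:00", "sender": "bob", "recipient": "dave", "kind": "file_request"},
    {"ts": "2025-03-12T23:15:00", "sender": "hr_lead", "recipient": "carol", "kind": "file_request"},
    {"ts": "2025-03-12T23:17:00", "sender": "hr_lead", "recipient": "dave", "kind": "file_request"},
    {"ts": "2025-03-12T23:20:00", "sender": "hr_lead", "recipient": "erin", "kind": "file_request"},
    {"ts": "2025-03-13T09:00:00", "sender": "alice", "recipient": "bob", "kind": "message"},
]

if __name__ == "__main__":
    for event, reason in flag_events(BASELINE_EVENTS, NEW_EVENTS):
        print(event["ts"], event["sender"], "->", event["recipient"], ":", reason)
```

Bob's daytime file request passes because his baseline already contains one, while the compromised hr_lead account trips all three rules; the baseline is what keeps the "first file request" rule from firing on every account the first day the detection is enabled.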
As you prepare for the Security Plus exam, remember that communication tools like email, text messages, and instant messaging platforms are all potential threat vectors. Phishing and spear phishing target email users with deception and urgency. Smishing exploits mobile messaging. And instant messaging can be used to impersonate coworkers or spread malware. You may be asked to identify which communication vector is being exploited in a scenario or to recommend the best way to defend against it. Look for clues in the message source, user behavior, and the action being requested.
