• StarSwift Blogger

Email Tampering (Part 2): STRIDEing through Email Threats

This is part two is a series of articles looking at the STRIDE Threat Model to identify and mitigate the threats risks posed to Email security.


In this article we look at Tampering. If you missed Part 1, you can find the article here


Tampering (the Threat)

Tampering can refer to a form of sabotage, but the term is often used to mean the intentional modification of data, in this case Email. If a cyber criminal can infiltrate an email system and tamper with the information, the consequences can be severe.

Integrity (the Property)

Email Integrity is about ensuring the receiver of the email knows that the message has not been altered after leaving the control of the sender.


Business Email Compromise (BEC)

By compromising company email accounts, a cyber criminal can establish who has the credentials and authority to initiate payments (or wire transfers) and additionally who has the power to request them. Attackers often then impersonate a senior executive (a CEO for example) to initiate payments or to gain access to critical and sensitive information that can be used for identity theft.

BEC attacks rely heavily on social engineering tactics to trick unsuspecting employees and senior executives.


Countermeasures - Technical Controls

There are a number of technical controls that can be implemented to prevent email tampering and validate email integrity:

  • Sender Policy Framework (SPF), Domain Key Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) - can contribute to helping address integrity issues with email. These were covered in more detail in Part 1.

  • A Secure Email Gateway that enables recipients to use multi-factor authentication (MFA) when accessing messages will provide the highest level of confidentiality, security, and integrity of email message life-cycle. It will also provide email encryption capabilities to safeguard the contents of email.

Countermeasures - Administrative Controls

  • Security Awareness Training - BEC attacks often do not have any malicious links or attachments and can evade traditional solutions. Employee Security Training and Awareness can help organisations identify this type of activity.

  • Access Control - ensure mechanisms and policies are defined and in place around roles and privileges.

  • Monitoring and Auditing - reviewing audit logs and monitoring for signs that Email accounts may have been compromised is a useful detective control.

Indicators to look for include:

  • Password Changes

  • Unexpected password reset emails

  • Unusual or strange emails in sent folders

  • Email Contacts in your address book contacting you about emails you have sent

  • Logins / access from unusual or new devices

More Information

If you would like more information or would like StarSwift Information Security to support you with the implementation of Email Security or Security Awareness Training, please do not hesitate to get in touch.


Please contact us for more information.



Part 3 - Repudiation