There are several types of e-mail-based threats. The following are the most common:
Spam: Unsolicited e-mail messages that may advertise a service or, more typically, carry a scam or a message with malicious intent. E-mail spam continues to be a major threat because it can be used to spread malware.
Malware attachments: E-mail messages containing malicious software (malware).
Phishing: An attacker’s attempt to fool a user into believing that an e-mail communication comes from a legitimate entity or site, such as banks, social media websites, online payment processors, or even corporate IT communications. The goal of the phishing e-mail is to steal the user’s sensitive information, such as user credentials, bank accounts, and so on.
Spear phishing: Phishing attempts that are more targeted. These phishing e-mails are directed to specific individuals or organizations. For instance, an attacker may perform passive reconnaissance on the individual or organization by gathering information from social media sites (for example, Twitter, LinkedIn, Facebook) and other online resources. Then the attacker may tailor a more directed and relevant message to the victim, increasing the probability that the user is fooled into following a malicious link, clicking an attachment containing malware, or simply replying to the e-mail with sensitive information. There is another phishing-based attack called whaling. These attacks specifically target executives and high-profile users within a given organization.