Why using common email names like sales@, info@, accounts@ is risky

Increased Risk of Spam

1. Massive volumes of spam: Commonly used email addresses such as sales@, info@, and accounts@ are frequently targeted by spammers due to their broad usage.
2. Higher attack surface: These common addresses expose your business to more potential threats, making it easier for attackers to find a point of entry.

Phishing Exploits

1. Statistical likelihood: With an open rate of 2-4%, phishing emails targeting these common addresses are likely to succeed if enough spam is received.
2. Higher risk with volume: The more spam you receive, the higher the statistical risk that one of those emails could be a malicious attempt to breach your system.

Recommended Alternatives

1. Presales@ - For initial inquiries and customer support.
2. Question@ - Useful for general queries and feedback.
3. Payable@ - For financial communications related to payments or billing.

How phishing exploits common mailboxes

Phishing attacks often rely on deception, tricking recipients into providing sensitive information or clicking malicious links. Here’s how they exploit common email addresses:

1. Social engineering: Attackers craft emails that appear legitimate by mimicking familiar sender names like sales@ or info@.
2. Urgency and credibility: They might use urgency ("urgent payment due") or authority to convince recipients to act quickly.
3. Links to malicious sites: Phishing emails often contain links to fake websites designed to steal login credentials or personal information.
4. Attachments with malware: Malicious attachments can be disguised as invoices, receipts, or other legitimate documents.

Practical Steps to Mitigate Risk

1. Use less common email addresses: Choose unique email addresses like presales@, question@, and payable@ that are less likely to attract spam.
2. Implement spam filters: Use robust spam filtering solutions to automatically block suspicious emails.
3. Select an Email provider who will track suspicious account access, and supports link-rewriting and adaptive filtering. 
4. Educate staff: Train your team on recognising phishing attempts and reporting suspected spam.
5. Monitor email activity: Regularly check for unusual patterns or large volumes of incoming spam.

By adopting these practices, you can significantly reduce the risk associated with common email addresses while maintaining effective communication channels.