Articles about Email

Detections for malicious email forwarding rules have risen by nearly 600 percent in 2023, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, re-routing money into the criminal’s account.

This is one of the findings in the latest Threat Detection Report from Red Canary. Half of the threats in top 10 leverage malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors that could lead to a serious attack if not detected.

Continue reading →

According to a new report, 74 percent of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. This highlights the need for staff to receive better training on the risks.

Continue reading →

New research from email security provider EasyDMARC finds that 25 percent of e-commerce retailers expect to see a notable drop in email deliverability following Yahoo and Google's email authentication policy changes.

Both Google's sender guidelines and Yahoo's sender requirements and recommendations have stated that failure to comply with the new sending standards could negatively impact email delivery. For e-commerce providers that rely on email as a marketing and customer communications channel, these measures could negatively impact customer engagement and sales.

Continue reading →

A new report from Cofense based on data from its Phishing Detection Center identifies over 1.5 million malicious emails bypassing customers' secure email gateways (SEGs), a 37 percent increase in threats compared to 2022.

The report shows that SEGs struggle to keep pace with sophisticated phishing campaigns and that relying on 'good enough' email security is no longer an option for most enterprises.

Continue reading →

Phishing is the most common form of cyberattack as criminals seek to obtain credentials to access bank accounts or corporate networks.

Abnormal Security has analyzed which phishing attacks generate the highest click rate and categorized them based on the words included in the subject line.

Continue reading →

New research from Cofense reveals the most common phishing themes of last year, which offer insight into the threat actor's intentions.

Information analyzed to determine the theme includes the brand being spoofed, any attachment names, rendered attachments in the case of documents or HTML files, and the email body content, plus of course the subject.

Continue reading →

In March this year, EU countries' interior ministers are due to vote on the introduction of mandatory client-side scanning for all providers in order to identify child abuse material.

But an open letter, published today, from a group of privacy-focused companies warns of the risk of opening up a backdoor and calls on ministers to defend citizen's right to privacy and strengthen the position of EU companies.

Continue reading →

The troubled history of Mozilla’s Thunderbird could fill a book, from an extensive period on life support to its shift away from non-profit ownership. Even as development has resumed on the once moribund email client, criticisms remain over its stability and features.

For those frustrated by Thunderbird’s continuing issues, there may be a solution: Betterbird, which as its name implies, is a fork of the main Thunderbird client.

Continue reading →

A new report from Abnormal Security shows that vendor email compromise (VEC) attacks against financial services organizations increased by 137 percent in 2023.

This is an industry that handles a wide array of sensitive personal and financial information of the type hackers love to get their hands on. This makes organizations within the financial services sector particularly susceptible to cyberattacks, including socially-engineered email attacks.

Continue reading →

According to a new study, 94 percent of global organizations have experienced email security incidents last year, up two percent from the year before.

The latest Email Security Risk Report from Egress looks at attitudes and approaches to email security, the evolution of risks, and the impact of incidents, based on responses from 500 cybersecurity leaders.

Continue reading →

New research from cyber resilience company Red Sift shows that 33 percent of publicly traded companies worldwide are not protected by the DMARC email standard, though this is down from 70.5 percent in 2022.

However, in light of Google and Yahoo's new rules for bulk senders -- those sending over 5,000 emails daily -- which come into force on February 1st and are aimed at reducing spam, not using DMARC is a problem.

Continue reading →

Whoever said "To err is human" was right (actually, it was the English poet, Alexander Pope). Just like in our private lives, we all make mistakes in business too, no matter how diligent or professional we are. The trouble is, some human errors, however small, can have disastrous consequences. Like the fat-finger error that can cost an organization millions.

A fat finger error is a keyboard input mistake that results in the wrong information being transmitted. The term originated in financial trading markets and is now used more broadly in the security industry to describe data breaches that are caused by human error, particularly when the breach is attributed to mistyped information, like an email address.

Continue reading →

For users concerned about privacy, Proton Mail represents a tantalizing alternative to the likes of Gmail. Previously accessible through a web browser, both Proton Mail and Proton Calendar can now be accessed through a new desktop app.

Available in beta for Windows and macOS, and with a Linux version in the pipeline, Proton Mail's desktop app sees the Swiss company beating Google to the punch. To start with, the app is only available to people with a Proton Visionary plan, but will open up to everyone in early 2024.

Continue reading →

A new report from managed security platform Huntress shows that 64 percent of identity-focused incidents at SMBs in the third quarter of 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC).

Another 24 percent of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise with threat actors targeting cloud services to steal identifying information or break into business emails.

Continue reading →

In this new era of generative artificial intelligence, one of the biggest security risks involves business email compromise attacks. Countless malicious phishing emails are already being cloned, refined, and delivered by smart AI bots around the world.

A business email compromise (BEC) is a sophisticated cybercrime that uses emails to trick the receiver into giving up funds, credentials, or proprietary information through social engineering and computer intrusion techniques. Many BEC attacks combine multi-channel elements to make the frauds seem more convincing, such as incorporating fake text messages, web links, or call center numbers into the mix with email payloads. For example, the attackers might spoof a legitimate business phone number to confirm fraudulent banking details with a victim.

Continue reading →