Articles about Email

New research from Cofense reveals the most common phishing themes of last year, which offer insight into the threat actor's intentions.

Information analyzed to determine the theme includes the brand being spoofed, any attachment names, rendered attachments in the case of documents or HTML files, and the email body content, plus of course the subject.

Continue reading →

In March this year, EU countries' interior ministers are due to vote on the introduction of mandatory client-side scanning for all providers in order to identify child abuse material.

But an open letter, published today, from a group of privacy-focused companies warns of the risk of opening up a backdoor and calls on ministers to defend citizen's right to privacy and strengthen the position of EU companies.

Continue reading →

The troubled history of Mozilla’s Thunderbird could fill a book, from an extensive period on life support to its shift away from non-profit ownership. Even as development has resumed on the once moribund email client, criticisms remain over its stability and features.

For those frustrated by Thunderbird’s continuing issues, there may be a solution: Betterbird, which as its name implies, is a fork of the main Thunderbird client.

Continue reading →

A new report from Abnormal Security shows that vendor email compromise (VEC) attacks against financial services organizations increased by 137 percent in 2023.

This is an industry that handles a wide array of sensitive personal and financial information of the type hackers love to get their hands on. This makes organizations within the financial services sector particularly susceptible to cyberattacks, including socially-engineered email attacks.

Continue reading →

According to a new study, 94 percent of global organizations have experienced email security incidents last year, up two percent from the year before.

The latest Email Security Risk Report from Egress looks at attitudes and approaches to email security, the evolution of risks, and the impact of incidents, based on responses from 500 cybersecurity leaders.

Continue reading →

New research from cyber resilience company Red Sift shows that 33 percent of publicly traded companies worldwide are not protected by the DMARC email standard, though this is down from 70.5 percent in 2022.

However, in light of Google and Yahoo's new rules for bulk senders -- those sending over 5,000 emails daily -- which come into force on February 1st and are aimed at reducing spam, not using DMARC is a problem.

Continue reading →

Whoever said "To err is human" was right (actually, it was the English poet, Alexander Pope). Just like in our private lives, we all make mistakes in business too, no matter how diligent or professional we are. The trouble is, some human errors, however small, can have disastrous consequences. Like the fat-finger error that can cost an organization millions.

A fat finger error is a keyboard input mistake that results in the wrong information being transmitted. The term originated in financial trading markets and is now used more broadly in the security industry to describe data breaches that are caused by human error, particularly when the breach is attributed to mistyped information, like an email address.

Continue reading →

For users concerned about privacy, Proton Mail represents a tantalizing alternative to the likes of Gmail. Previously accessible through a web browser, both Proton Mail and Proton Calendar can now be accessed through a new desktop app.

Available in beta for Windows and macOS, and with a Linux version in the pipeline, Proton Mail's desktop app sees the Swiss company beating Google to the punch. To start with, the app is only available to people with a Proton Visionary plan, but will open up to everyone in early 2024.

Continue reading →

A new report from managed security platform Huntress shows that 64 percent of identity-focused incidents at SMBs in the third quarter of 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC).

Another 24 percent of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise with threat actors targeting cloud services to steal identifying information or break into business emails.

Continue reading →

In this new era of generative artificial intelligence, one of the biggest security risks involves business email compromise attacks. Countless malicious phishing emails are already being cloned, refined, and delivered by smart AI bots around the world.

A business email compromise (BEC) is a sophisticated cybercrime that uses emails to trick the receiver into giving up funds, credentials, or proprietary information through social engineering and computer intrusion techniques. Many BEC attacks combine multi-channel elements to make the frauds seem more convincing, such as incorporating fake text messages, web links, or call center numbers into the mix with email payloads. For example, the attackers might spoof a legitimate business phone number to confirm fraudulent banking details with a victim.

Continue reading →

In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.

Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.

Continue reading →

Google has decided to bring emoji reactions to Gmail, giving users the chance to respond to email with little more than a tap. Can't be bothered to type a proper reply? Just send a smile instead. It's an idea that has worked well on social platforms, so Google appears to believe it's something that will work with email too.

For anyone happy to send a quick and impersonal response in this way, the arrival of emoji reactions is great news. But for anyone who is not a Gmail user it is likely to be a serious source of irritation.

Continue reading →

Almost every organization freely admits that people are the biggest risk to their security and are most vulnerable when using email. While the 'outbound' risk of an employee accidentally or intentionally leaking data is very clearly categorized as an insider risk, even a phishing attack that originates from outside the organization requires an insider to, essentially, open the door.

And it’s a valuable vulnerability for threat actors to be aware of; the FBI reported that Business Email Compromise (BEC) scams accounted for $50 billion in losses between June 2016 to December 2022.

Continue reading →

New research shows that if an attacker has compromised an email account they can use inbox rules to hide in plain sight while they quietly move information out of your network via your inbox and hide security warnings.

The report from Barracuda reveals techniques including setting a rule to forward to an external address all emails containing sensitive and potentially lucrative key words such as 'payment' or 'confidential' to steal information or money.

Continue reading →

Emails from supposedly wronged and robbed Nigerian nobility asking for help in exchange for a payout of millions were one of the very earliest email scams.

For a while 'Nigerian prince' emails, also known as '419 scams' in reference to part of the Nigerian Criminal Code relating to fraud, were a regular feature in most people's inboxes.

Continue reading →